H&K4ME
2003-Jan-07 14:36 UTC
[Shorewall-users] Perplexing problem blocking PING, plus comments wanted on 4 interface firewall
Gents,

I have built a four interface firewall using Red Hat V7.3 using a kernel supplied from the PoPTop website. Obviously I have poptop installed, and it seems to be working just fine. Anyway, I also have Shorewall installed, and it seems to be working just dandy except for one small problem.

A little info first. The interfaces/zones are ...

    net   eth0
    loc   eth1  192.168.10.0/24
    wlan  eth2  192.168.20.0/24
    dmz2  eth3  192.168.30.0/24

The "wlan" zone is dedicated to a wireless LAN that I only want to allow access via ports 80-443-25 to the Internet, and nowhere else.

My problem: while connected to the "wlan" zone, I in fact can not access anything but the "net" zone on ports 80-443-25, BUT if I try to ping an address on the "loc" zone, the ping goes through.

I have tried 20 different combos of things, and looked through all the config files for hours now, and just can't figure out what my problem is. I have included all the relevant config files in a GZIP'd TAR file that I have attached to this e-mail. In this TAR is also a file called "swstatus.txt", which is the output of the "shorewall show status" command.

Please let me know what I'm doing wrong. Also, I think I did everything correctly in defining a 4 legged firewall. Have I missed something?

Thanks,
Joe