Using Mandrake MNF which uses shorewall as its firewall.
My firewall is simple with just two interfaces. One on the internet one on the local network. I can't browse out to the internet with a browser. Or connect to my external mail server. If I set up the proxy server and set my browser to connect via the proxy I can browse the internet. But still can't get mail to work.

Using TCPDump I can see the traffic going out. But the firewall is not letting it back in. If I set up my workstation directly to the internet connection I can browse and get mail.

My shorewall status is attached. If anyone can help I greatly appreciate it. I like the setup of this product and it will go much quicker than building firewalls by hand.

Cheers,
Scott

THERE IS ONLY ONE...
SOCCER.COM, The Center of the Soccer Universe
http://www.soccer.com

my bad,
I didn't have the subnet mask of the lan zone to be masq'd entered. Just the network.

Now seems to be working ok.

Cheers and great product Tom, from another Washingtonian.

Scott

THERE IS ONLY ONE...
SOCCER.COM, The Center of the Soccer Universe
http://www.soccer.com

--On Friday, January 31, 2003 7:08 AM -0800 Scott Taylor <scottt@soccer.com> wrote:

> Using Mandrake MNF which uses shorewall as its firewall.
> My firewall is simple with just two interfaces. One on the internet
> one on the local network. I can't browse out to the internet with a
> browser. Or connect to my external mail server. If I set up the proxy
> server and set my browser to connect via the proxy I can browse the
> internet. But still can't get mail to work.
>
> Using TCPDump I can see the traffic going out. But the firewall is
> not letting it back in. If I set up my workstation directly to the
> internet connection I can browse and get mail.
>
> My shorewall status is attached. If anyone can help I greatly
> appreciate it. I like the setup of this product and it will go much
> quicker than building firewalls by hand.
>

a) What you attached is not the output from "/sbin/shorewall status".

b) You have a lan->wan policy of ACCEPT yet you have a lot of lan->wan ACCEPT rules -- all the rules do is slow down your firewall.

c) Your assertion that "the firewall is not letting it back in" is probably nonsense; what is the log showing you? (/sbin/shorewall show log).

If I had to make a wild guess without a full "shorewall status", I suspect that you either haven't set up SNAT/masquerading or that you have done it wrong.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

--On Friday, January 31, 2003 7:32 AM -0800 Scott Taylor <scottt@soccer.com> wrote:

> my bad,
> I didn't have the subnet mask of the lan zone to be masq'd entered.
> Just the network.

As I suspected....

> Now seems to be working ok.

Great! You might want to remove those extraneous rules while you're thinking about it :-)

>
> Cheers and great product Tom, from another Washingtonian.

Thanks, Scott -- Cheers,
-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Perhaps your local network doesn't have the right to access the Internet.
Take a look at: http://www.shorewall.net/two-interface.htm

In /etc/shorewall/policy you must have a line with:

loc net ACCEPT

And in shorewall.conf you must have NAT_ENABLED="Yes"

On Fri 31/01/2003 at 16:08, Scott Taylor wrote:

> Using Mandrake MNF which uses shorewall as its firewall.
> My firewall is simple with just two interfaces. One on the internet
> one on the local network. I can't browse out to the internet with a
> browser. Or connect to my external mail server. If I set up the proxy
> server and set my browser to connect via the proxy I can browse the
> internet. But still can't get mail to work.
>
> Using TCPDump I can see the traffic going out. But the firewall is
> not letting it back in. If I set up my workstation directly to the
> internet connection I can browse and get mail.
>
> My shorewall status is attached. If anyone can help I greatly
> appreciate it. I like the setup of this product and it will go much
> quicker than building firewalls by hand.
>
> Cheers,
> Scott
>
> THERE IS ONLY ONE...
> SOCCER.COM, The Center of the Soccer Universe
> http://www.soccer.com

--
VETSEL Patrice
French-language DEBIAN help forum at: http://kagou.tuxfamily.org/
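
The fix Scott reports (adding the subnet mask to the masqueraded source) can be checked mechanically, because a source address written without a mask matches a single host (/32). The Python sketch below is an added example, not part of the original thread or of Shorewall itself; the masq file contents, the interface name eth0 and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed samples of /etc/shorewall/masq (columns: INTERFACE SUBNET).
# Interface name and addresses are assumptions, not taken from the thread.
MASQ_BROKEN = """\
#INTERFACE  SUBNET
eth0        192.168.1.0
"""
MASQ_FIXED = """\
#INTERFACE  SUBNET
eth0        192.168.1.0/24
"""

def parse_masq(text):
    """Yield (out_interface, source) for each non-comment, non-empty line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield fields[0], fields[1]

def source_network(source):
    """Return the IPv4 network a SUBNET entry matches, or None if it is not an address."""
    try:
        # A bare address carries no prefix length, so it becomes a /32 (one host).
        return ipaddress.ip_network(source, strict=False)
    except ValueError:
        return None  # e.g. an interface name, which this column also accepts

def check(text, client):
    """Return (interface, source, client_is_masqueraded, warning) per entry."""
    client = ipaddress.ip_address(client)
    results = []
    for iface, source in parse_masq(text):
        net = source_network(source)
        if net is None:
            results.append((iface, source, None, "interface name, not checked"))
            continue
        warning = ""
        if "/" not in source:
            warning = "no mask: matches only host %s" % net.network_address
        results.append((iface, source, client in net, warning))
    return results

if __name__ == "__main__":
    for label, text in (("broken", MASQ_BROKEN), ("fixed", MASQ_FIXED)):
        for row in check(text, "192.168.1.10"):
            print(label, row)
```

With the mask missing, the LAN client's packets leave with their private source address, which matches the symptom in the first message: traffic visible going out in tcpdump, with no replies coming back.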