Hi Tom,

Any thoughts, or am I missing something?

John

----- Original Message -----
From: john
To: Shorewall Users Mailing List
Sent: Wednesday, October 08, 2003 1:40 AM
Subject: strange situation

Dear Tom,

I'm encountering a situation that is confounding me. I installed Shorewall v 1.4.6c from the tar ball. Everything seems to work as I would expect re rules, masq, policy etc. except I cannot ping my 'dmz' from the 'loc' zone when the computer is started or rebooted. I can ping if I 'restart', 'stop/start', 'stop' or 'clear' Shorewall. So my routing is ok and my 'stopped' situation is ok and my rules and policy would seem to be ok on a restart but not on a cold or warm boot.

If I need to include any info. from one of the config files I'm happy to do so.

TIA
John

On Wed, 2003-10-08 at 07:31, john wrote:
> Hi Tom,
>
> Any thoughts, or am I missing something?
>

John -- I have no ideas. If I had, I would have responded when you posted this the first time.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Wed, 2003-10-08 at 07:31, Tom Eastep wrote:
> On Wed, 2003-10-08 at 07:31, john wrote:
> > Hi Tom,
> >
> > Any thoughts, or am I missing something?
> >
>
> John -- I have no ideas. If I had, I would have responded when you
> posted this the first time.

Of course there are some obvious things like comparing the rulesets ("shorewall status") before and after you restart Shorewall but I assumed that you would have already done that...

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

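Added example, not part of the thread: one way to do the before/after ruleset comparison suggested in the message above. It assumes each "shorewall status" output was saved to a file and lists rules in the `iptables -L -n -v` column layout; the function names and both sample listings are constructed for illustration and are not the poster's data.

```shell
#!/bin/sh
# Added example: diff two saved rule listings while ignoring the packet/byte
# counters. Assumes the `iptables -L -n -v` column layout.

# Strip volatile counters from a listing read on stdin.
normalize_ruleset() {
    sed -E \
        -e 's/\(policy ([A-Z]+) [0-9]+[KMG]? packets, [0-9]+[KMG]? bytes\)/(policy \1)/' \
        -e 's/^ *[0-9]+[KMG]? +[0-9]+[KMG]? +//'
}

# Print rules present in only one listing; exit status 0 means identical.
compare_rulesets() {
    _a=$(mktemp) && _b=$(mktemp) || return 2
    normalize_ruleset < "$1" > "$_a"
    normalize_ruleset < "$2" > "$_b"
    diff "$_a" "$_b"
    _rc=$?
    rm -f "$_a" "$_b"
    return "$_rc"
}

# Constructed sample listings (hypothetical): after boot vs. after restart.
make_samples() {
    cat > "$1/boot.txt" <<'EOF'
Chain loc2dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination
   12   840 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
EOF
    cat > "$1/restart.txt" <<'EOF'
Chain loc2dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination
  350  29K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    4   336 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
EOF
}

d=$(mktemp -d)
make_samples "$d"
compare_rulesets "$d/boot.txt" "$d/restart.txt" || echo "rulesets differ"
rm -rf "$d"
```

Without the normalization step every rule line would show up in the diff, because the counters change between any two captures.
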
Ethereal or TCP-dump are going to be your friends in this situation.

JBanks

--- Tom Eastep <teastep@shorewall.net> wrote:
> On Wed, 2003-10-08 at 07:31, Tom Eastep wrote:
> > On Wed, 2003-10-08 at 07:31, john wrote:
> > > Hi Tom,
> > >
> > > Any thoughts, or am I missing something?
> > >
> >
> > John -- I have no ideas. If I had, I would have responded when you
> > posted this the first time.
>
> Of course there are some obvious things like comparing the rulesets
> ("shorewall status") before and after you restart Shorewall but I
> assumed that you would have already done that...
>
> -Tom

On Wed, 2003-10-08 at 08:40, Joshua Banks wrote:
> Ethereal or TCP-dump are going to be your friends in this situation.
>
> JBanks
> --- Tom Eastep <teastep@shorewall.net> wrote:
> > On Wed, 2003-10-08 at 07:31, Tom Eastep wrote:
> > > On Wed, 2003-10-08 at 07:31, john wrote:
> > > > Hi Tom,
> > > >
> > > > Any thoughts, or am I missing something?
> > > >
> > >
> > > John -- I have no ideas. If I had, I would have responded when you
> > > posted this the first time.
> >
> > Of course there are some obvious things like comparing the rulesets
> > ("shorewall status") before and after you restart Shorewall but I
> > assumed that you would have already done that...
> >

Another thing to look at would be the boot log (on RedHat systems, it is /var/log/boot.log) to see if any unusual messages are being issued during the startup of Shorewall. Also, compare the Shorewall output in the boot log with that obtained during the subsequent "shorewall restart".

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Thanks for your ideas, Tom. I did check 'status' but I didn't compare them.

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Shorewall Users Mailing List" <shorewall-users@lists.shorewall.net>
Sent: Thursday, October 09, 2003 12:35 AM
Subject: Re: [Shorewall-users] Fw: strange situation

> On Wed, 2003-10-08 at 07:31, Tom Eastep wrote:
> > On Wed, 2003-10-08 at 07:31, john wrote:
> > > Hi Tom,
> > >
> > > Any thoughts, or am I missing something?
> > >
> >
> > John -- I have no ideas. If I had, I would have responded when you
> > posted this the first time.
>
> Of course there are some obvious things like comparing the rulesets
> ("shorewall status") before and after you restart Shorewall but I
> assumed that you would have already done that...
>
> -Tom