Hello everyone:

I have a problem with the shorewall configuration. Let me tell you. I have
installed shorewall 2.0.4 on a machine with a 2.6.8 kernel. This machine
works like a software router: it has 2 network cards
  eth0 goes to the local network 192.168.0.0/24
  eth1 is an interface for ppp0 (there is an ADSL connected)

I have defined the Network Zones (net, loc);
The Network Interfaces (ppp+ -> net and eth0 -> loc);
The Firewall rules:
  ACCEPT Zone Net to Firewall (TCP) http,https,ftp,sftp,smtp,pop3,ssh
  ACCEPT Zone Loc to Firewall (TCP) http,https,ftp,sftp,smtp,pop3,ssh
And the masquerading: ppp+ -> Network on eth0
(Routestopped permits all the traffic when shorewall is stopped)

My problem is:
When Shorewall starts, all the local machines run OK, but the server machine
with Shorewall installed cannot connect to the internet; when the firewall is
stopped, this machine can connect.

Any ideas?

Thanks a lot
--
Regards
Manuel Pérez López
http://www.ieduca.net

Manuel Pérez López wrote:
|
| My problem is:
| When Shorewall starts, all the local machines run OK, but the server machine
| with Shorewall installed cannot connect to the internet; when the firewall is
| stopped, this machine can connect.
|
|
| Any ideas?
|

Yes -- set the fw->net policy to ACCEPT. In fact, the two-interface
QuickStart Guide advises you to do that and the two-interface sample
contains that policy commented out. If you installed according to that
Guide, all you have to do is uncomment the single line.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Fri, 3 Sep 2004, Manuel Pérez López wrote:

- Hello everyone:
-
- I have a problem with the shorewall configuration. Let me tell you. I have
- installed shorewall 2.0.4 on a machine with a 2.6.8 kernel. This machine
- works like a software router: it has 2 network cards
-   eth0 goes to the local network 192.168.0.0/24
-   eth1 is an interface for ppp0 (there is an ADSL connected)
-
- I have defined the Network Zones (net, loc);
- The Network Interfaces (ppp+ -> net and eth0 -> loc);
- The Firewall rules:
-   ACCEPT Zone Net to Firewall (TCP) http,https,ftp,sftp,smtp,pop3,ssh
-   ACCEPT Zone Loc to Firewall (TCP) http,https,ftp,sftp,smtp,pop3,ssh
- And the masquerading: ppp+ -> Network on eth0
- (Routestopped permits all the traffic when shorewall is stopped)
-
- My problem is:
- When Shorewall starts, all the local machines run OK, but the server machine
- with Shorewall installed cannot connect to the internet; when the firewall is
- stopped, this machine can connect.
-
-
- Any ideas?

The firewall is a separate zone, so you need a rule or policy allowing it
to talk to the internet.

ACCEPT zone Firewall to Net <etc>

--
Stephen
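
Why the fix in both replies works, as an added example (not part of the thread and not Shorewall's own code): a simplified first-match lookup over a policy file, before and after uncommenting the fw->net line. The file contents are constructed to resemble the two-interface sample Tom mentions, since the poster's actual policy file is not shown, and the function names are illustrative.

```python
# Added illustration: simplified first-match lookup over a Shorewall-style
# policy file. Policies apply only to connections that no entry in the rules
# file matches; the poster's rules cover net->fw and loc->fw, not fw->net.
# POLICY_BEFORE is constructed; the poster's real policy file is not shown.
POLICY_BEFORE = """\
#SOURCE  DEST  POLICY  LOG LEVEL
loc      net   ACCEPT
#fw      net   ACCEPT
net      all   DROP    info
all      all   REJECT  info
"""

def parse_policy(text):
    """Return (source, dest, policy) tuples, skipping comments and blanks."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed policy line: {line!r}")
        entries.append((fields[0], fields[1], fields[2]))
    return entries

def effective_policy(entries, source, dest):
    """First entry whose SOURCE and DEST match (or are 'all') wins."""
    for src, dst, policy in entries:
        if src in (source, "all") and dst in (dest, "all"):
            return policy
    return None  # no policy covers this zone pair

def uncomment_fw_net(text):
    """Apply the fix from the replies: enable the 'fw net ACCEPT' line."""
    out = []
    for line in text.splitlines():
        if line.lstrip("#").split()[:3] == ["fw", "net", "ACCEPT"]:
            line = line.lstrip("#")
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    before = parse_policy(POLICY_BEFORE)
    after = parse_policy(uncomment_fw_net(POLICY_BEFORE))
    for name, table in (("before", before), ("after", after)):
        for pair in (("loc", "net"), ("fw", "net"), ("net", "fw")):
            print(name, pair, effective_policy(table, *pair))
```

With the line commented out, LAN clients match `loc net ACCEPT` while traffic originating on the firewall falls through to `all all REJECT`; enabling the line changes only fw->net and leaves net->fw at DROP.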