Eyal Lior
2004-Oct-27 13:06 UTC
cannot establish connections from the machine to the internet
first thing: I'm not on the mailing list so please reply to
eyall@fitracks.com
now
i have a linux workstation inside the office's LAN, for some reason i
cannot establish connections from the machine to the internet with those
settings.
i've been trying to change prefs and read almost all the docs but still
don't know
what's the problem so i have to shut down the firewall in order to run
system updates...
thanx, eyal
System info:
zones:
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local networks
rules:
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP
ACCEPT net fw tcp 21
ACCEPT net fw tcp 22
ACCEPT net fw tcp 80
ACCEPT net fw tcp 10000
ACCEPT fw net icmp echo-request
ACCEPT fw loc udp 137:139
ACCEPT fw loc tcp 137,139,445
ACCEPT fw loc udp 1024: 137
ACCEPT loc fw udp 137:139
ACCEPT loc fw tcp 137,139,445
ACCEPT loc fw udp 1024: 137
ACCEPT net fw udp 137:139
ACCEPT net fw tcp 137,139,445
ACCEPT net fw udp 1024: 137
ACCEPT $FW net tcp
gentoo / kernel 2.6.7-r11
root@fitux ssmtp # /sbin/shorewall version
2.0.4
root@fitux ssmtp # ip addr show
1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0e:a6:cb:26:fe brd ff:ff:ff:ff:ff:ff
inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
root@fitux ssmtp # ip route show
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.1
127.0.0.0/8 via 127.0.0.1 dev lo scope link
default via 192.168.0.254 dev eth0
root@fitux ssmtp #
--
Eyal Lior
FiTracks Inc.
13, Hasadna Street, P.O.Box 2652
Ra'anana 43650, Israel
Tel: ++ 972 9 7462988
Fax: ++ 972 9 7463969
Email : eyall@fitracks.com
Tom Eastep
2004-Oct-27 14:07 UTC
Re: cannot establish connections from the machine to the internet
On Wednesday 27 October 2004 06:06, Eyal Lior wrote:
> i have a linux workstation inside the office's LAN, for some reason i
> cannot establish connections from the machine to the internet with those
> settings.
> i've been trying to change prefs and read almost all the docs but still
> don't know
> what's the problem so i have to shut down the firewall in order to run
> system updates...
>
> root@fitux ssmtp # /sbin/shorewall version
> 2.0.4
> root@fitux ssmtp # ip addr show
> 1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
> link/ether 00:0e:a6:cb:26:fe brd ff:ff:ff:ff:ff:ff
> inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
> 2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> root@fitux ssmtp # ip route show
> 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.1
> 127.0.0.0/8 via 127.0.0.1 dev lo scope link
> default via 192.168.0.254 dev eth0
> root@fitux ssmtp #

This system appears to have only one network interface yet what little information you sent about your Shorewall configuration looks like you have two zones.

Please send a proper report as described at http://shorewall.net/support.htm and pay attention to the part in bold font that says "THIS IS IMPORTANT".

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key