Shorewall users - Dec 2004 - Newbie: Problem with two-interface setup

Hi

I have a problem with Shorewall on my two-interface connection. I run
Debian unstable. The setup looks like this:

Internet -------- router ------- server 
213.237.12.137    192.168.1.3    192.168.1.2
                                 192.168.0.7 --- local net
                                                 192.168.0.{...}

I can ping the server from the local net, and the local net from the
server. 

I can send mail between the server <--> local net.

The server is visible and working towards the Internet (mail, DNS and
web).

But the local net cannot communicate with the Internet. I cannot se
what could be wrong here. 

I had to switch off the norfc1918 option because I got a lot of errors
when the router communicated with the system.

My configuration is appended to this mail.

Can anyone help?

Thanks in advance
John

On Wed, 2004-12-15 at 23:10 +0100, John Plate wrote:
> 
> Can anyone help?
You need to set IP_FORWARDING=Yes in shorewall.conf (This is a
Debianism).

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Wed, 2004-12-15 at 14:40 -0800, Tom Eastep wrote:
> On Wed, 2004-12-15 at 23:10 +0100, John Plate wrote:
> 
> > 
> > Can anyone help?
> 
> You need to set IP_FORWARDING=Yes in shorewall.conf (This is a
> Debianism).
Note that this is mentioned in the Two-interface QuickStart Guide:

"If you are using the Debian package, please check your shorewall.conf
file to ensure that the following are set correctly; if they are not,
change them appropriately: 

      * NAT_ENABLED=Yes (Shorewall versions earlier than 1.4.6)
        
      * IP_FORWARDING=On"

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> > You need to set IP_FORWARDING=Yes in shorewall.conf (This is a
> > Debianism).
> 
> Note that this is mentioned in the Two-interface QuickStart Guide:
> 
> "If you are using the Debian package, please check your shorewall.conf
> file to ensure that the following are set correctly; if they are not,
> change them appropriately: 
> 
>       * NAT_ENABLED=Yes (Shorewall versions earlier than 1.4.6)
>         
>       * IP_FORWARDING=On"
Shame on me :( 
Thanks a lot - it works now!

John