I just set up Shorewall in my school, but now all clients can't get
through to the internet; all servers can get through to the internet with NAT. When I
disabled NAT, all servers can't get through to the internet.

Below is my school network:
  internet ---> shorewall ----> loc ---> Cisco router ---> loc1

Below are my config files:
   
policy:
# If you want to force clients to access the Internet via a proxy server
# on your firewall, change the loc to net policy to REJECT info.
loc  net  ACCEPT
loc  $FW  DROP  info
loc  all  DROP  info
#
# Policies for traffic originating from the firewall ($FW)
#
# If you want open access to the Internet from your firewall, change the
# $FW to net policy to ACCEPT and remove the 'info' LOG LEVEL.
# This may be useful if you run a proxy server on the firewall.
$FW  net  DROP  info
$FW  loc  DROP  info
$FW  all  DROP  info
#
# Policies for traffic originating from the Internet zone (net)
#
net  $FW  DROP  info
net  loc  DROP  info
net  all  DROP  info
# THE FOLLOWING POLICY MUST BE LAST
all  all  DROP  info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
  
zones:
#ZONE TYPE OPTIONS   IN   OUT
#     OPTIONS   OPTIONS
fw firewall
net ipv4
loc1    ipv4
loc ipv4
vpn     ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
  
rules:
####################################################################
#       Accept connections from internet to the local network      #
####################################################################
HTTP/ACCEPT   net    loc:192.168.0.8
HTTP/ACCEPT   net    loc:192.168.0.102
HTTP/ACCEPT   net    loc:192.168.0.104
HTTP/ACCEPT   net    loc:192.168.0.105
HTTP/ACCEPT   net    loc:192.168.0.106
#HTTP/ACCEPT   net    loc:192.168.0.108
#SSL/ACCEPT   net    loc:192.168.0.108
FTP/ACCEPT    net   loc:192.168.0.3
FTP/ACCEPT    net   loc:192.168.0.8
FTP/ACCEPT    net   loc:192.168.0.105
FTP/ACCEPT    net   loc:192.168.0.106
DNAT          net   loc:192.168.0.109  tcp      25      -        210.0.214.132
abc/ACCEPT   net    loc:192.168.0.83
VNC/ACCEPT   net    loc:192.168.0.105
SSH/ACCEPT  net:210.3.33.242-210.3.33.254    loc:192.168.0.102
#############################################################
# Allow connection from local network to firewall     #
#############################################################
SSH/ACCEPT       loc    $FW
Ping/ACCEPT  loc    $FW
#############################################################################
# Allow connection from firewall to the internet and local network    #
#############################################################################
Ping/ACCEPT     $FW    loc
Ping/ACCEPT     $FW    net
#DNS/ACCEPT      $FW    net
#########################################################################
# Reject Ping from the internet and prevent your log from being flooded.#
#########################################################################
Ping/DROP net    $FW
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
  
hosts:
#ZONE HOST(S)     OPTIONS
loc1    eth0:10.0.15.0/24
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
  
interface:
#ZONE INTERFACE BROADCAST OPTIONS
net     eth1            detect          tcpflags,routefilter,nosmurfs,norfc1918
loc     eth0            detect          tcpflags,detectnets,nosmurfs
vpn     tun0
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
  
masq:
#ZONE INTERFACE BROADCAST OPTIONS
net     eth1            detect          tcpflags,routefilter,nosmurfs,norfc1918
loc     eth0            detect          tcpflags,detectnets,nosmurfs
vpn     tun0
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
  
nat:
#EXTERNAL INTERFACE INTERNAL ALL  LOCAL
#      INTERFACES
210.0.214.130  eth1:1          192.168.0.2
210.0.214.131   eth1:2          192.168.0.83
210.0.214.132   eth1:3          192.168.0.104
210.0.214.133   eth1:4          192.168.0.105
210.0.214.134   eth1:5          192.168.0.106
210.0.214.135   eth1:6          192.168.0.102
210.0.214.136   eth1:7          192.168.0.3
210.0.214.137   eth1:8          192.168.0.8
210.0.214.138   eth1:9          192.168.0.108    
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
   
Wilson Kwok wrote:
> I just set up Shorewall in my school, but now all clients can't get
> through to the internet; all servers can get through to the internet with NAT. When
> I disabled NAT, all servers can't get through to the internet.

Unfortunately, you have not explained where the 'clients' are and where
the 'servers' are. Are the 'clients' in zone loc1 and the servers
in 'loc'?

You have also not given us any information about the IP configuration
and routing of this firewall -- Wilson, THAT INFORMATION IS IMPORTANT.

Given that the servers have RFC 1918 addresses, it is not surprising
that the servers can't access the internet if you disable NAT. But
without knowing the IP configuration (and whether the upstream routers
are configured to route 192.168.0.0/24 through the Shorewall box), we
can't possibly know if that is a problem or "just the way it works".

As I have explained hundreds of times on this list, I really don't want
to see all of your configuration files -- as described at
http://www.shorewall.net/support.htm, I would prefer that you:

a) "shorewall reset"
b) Try to connect
c) "shorewall dump > dump.txt"
d) Post the 'dump.txt' file as an attachment (compressed is best).
e) Explain:

   1) The IP address of the system that you were trying to
      connect from.
   2) The IP address of the system that you were trying to
      connect to.
   3) What happened (timeout? connection refused? ...)

If you do the above, then we will generally have all the information
that we need to solve your problem.

>
> Below is my school network:
> internet ---> shorewall ----> loc ---> Cisco router ---> loc1
>
> Below are my config files:
>
> zones:
> #ZONE TYPE OPTIONS IN OUT
> # OPTIONS OPTIONS
> fw firewall
> net ipv4
> loc1 ipv4
> loc ipv4
> vpn ipv4
> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
>
> rules:
> ####################################################################
> # Accept connections from internet to the local network #
> ####################################################################
> HTTP/ACCEPT net loc:192.168.0.8
> HTTP/ACCEPT net loc:192.168.0.102
> HTTP/ACCEPT net loc:192.168.0.104
> HTTP/ACCEPT net loc:192.168.0.105
> HTTP/ACCEPT net loc:192.168.0.106
> #HTTP/ACCEPT net loc:192.168.0.108
> #SSL/ACCEPT net loc:192.168.0.108
> FTP/ACCEPT net loc:192.168.0.3
> FTP/ACCEPT net loc:192.168.0.8
> FTP/ACCEPT net loc:192.168.0.105
> FTP/ACCEPT net loc:192.168.0.106
> DNAT net loc:192.168.0.109 tcp 25 - 210.0.214.132
> abc/ACCEPT net loc:192.168.0.83
>
> VNC/ACCEPT net loc:192.168.0.105
>
> SSH/ACCEPT net:210.3.33.242-210.3.33.254 loc:192.168.0.102
> #############################################################
> # Allow connection from local network to firewall #
> #############################################################
> SSH/ACCEPT loc $FW
> Ping/ACCEPT loc $FW

So you are not accepting Ping from loc1->$FW? Can your 'clients' ping the
firewall if you add:

Ping/ACCEPT loc1 $FW

> #############################################################################
> # Allow connection from firewall to the internet and local network #
> #############################################################################
> Ping/ACCEPT $FW loc

Ditto here... If you add:

Ping/ACCEPT $FW loc1

Then can the firewall ping hosts in the loc1 zone?

> Ping/ACCEPT $FW net
> #DNS/ACCEPT $FW net
> #########################################################################
> # Reject Ping from the internet and prevent your log from being flooded.#
> #########################################################################
> Ping/DROP net $FW
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Your rules file doesn't mention the 'loc1' zone at all and your policies
forbid any access to that zone. So communication to/from 'loc1' is not
possible with Shorewall started. Do you really need the 'loc1' zone? See
http://www.shorewall.net/Multiple_Zones.html

>
> hosts:
> #ZONE HOST(S) OPTIONS
> loc1 eth0:10.0.15.0/24
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
>
> interface:
> #ZONE INTERFACE BROADCAST OPTIONS
> net eth1 detect tcpflags,routefilter,nosmurfs,norfc1918
> loc eth0 detect tcpflags,detectnets,nosmurfs

The 'detectnets' option isn't appropriate when you have two zones
connected through the same interface.

> vpn tun0
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> masq:
> #ZONE INTERFACE BROADCAST OPTIONS
> net eth1 detect tcpflags,routefilter,nosmurfs,norfc1918
> loc eth0 detect tcpflags,detectnets,nosmurfs
> vpn tun0
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>

That can't possibly be your /etc/shorewall/masq file -- it is an exact
copy of what you posted for /etc/shorewall/interfaces!

Please provide the information requested above and we will try to help.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Dear Tom Eastep.

Thank you for your reply. I sent the attached file to this account teastep@shorewall.net.

Thanks

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

1) The IP address of the system that you were trying to
   connect from.

   I can connect to the school NATed server from home.

2) The IP address of the system that you were trying to
   connect to.

   All clients can't connect to the world, except all servers with NAT.

3) What happened (timeout? connection refused? ...)

   I checked /var/log/messages, but there is no timeout, connection refused, etc.

Wilson Kwok wrote:
> 1) The IP address of the system that you were trying to
>    connect from.
>
>    I can connect to the school NATed server from home.
>
> 2) The IP address of the system that you were trying to
>    connect to.
>
>    All clients can't connect to the world, except all servers with NAT.
>
> 3) What happened (timeout? connection refused? ...)
>
>    I checked /var/log/messages, but there is no timeout, connection refused, etc.
>

Can someone who speaks and writes fluent English and Chinese (Cantonese,
I presume) please help here? Obviously, Wilson and I are not communicating.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Wilson Kwok wrote:
> Dear Tom Eastep.
>
> Thank you for your reply. I sent the attached file to this account teastep@shorewall.net.
>

Wilson,

Please don't send me anything personally. If you do that, no one on this
list learns anything and I get very annoyed. I AM NOT A PRIVATE HELP
DESK -- if you need one-on-one support then please buy a commercial
firewall.

And please don't send rar archives; unrar-free (which is the only rar
archive tool that I have) can't retrieve the files from the archive that
you sent -- rather, please send compressed (gzip or bzip2) tar archives.

And one more time -- I DON'T WANT YOUR CONFIGURATION FILES -- I WANT THE
INFORMATION THAT I ASKED FOR.

-Tom

PS -- again, can anyone help translate here?
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Sorry Tom Eastep, I'm from Hong Kong and don't know the rules of the
mailing list. I used the Linux command line to compress the attached dump file;
it also contains my school network structure. Please take a look.

Thanks.

Wong Chee Chun
2006-Aug-02  11:37 UTC
Re: [Shorewall-users] Reply: Re: Clients can't through to internet
I'm Chinese as well, but explaining IT-related terms in Chinese is
kinda weird and fun. I'd rather improve my English to make life a lot
easier. In fact, my Chinese is way worse than my English :P

By the way, I can't understand what Wilson is trying to point out either...

-- 
Regards,
Wong Chee Chun
Network Engineer
Softmy Co. Ltd (http://www.softmy.com)

Wilson Kwok wrote:
> Sorry Tom Eastep, I'm from Hong Kong and don't know the rules of the
> mailing list. I used the Linux command line to compress the attached dump file;
> it also contains my school network structure. Please take a look.
>

Wilson,

Your entry in /etc/shorewall/masq is backwards. You have:

#INTERFACE    SUBNET    ADDRESS    PROTO    PORT(S)    IPSEC
eth0          eth1

It should be:

#INTERFACE    SUBNET    ADDRESS    PROTO    PORT(S)    IPSEC
eth1          eth0

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

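The three configuration problems Tom points out in this thread (the backwards masq entry, the 'loc1' zone that no policy or rule admits, and 'detectnets' on an interface shared by two zones) can be checked mechanically before starting the firewall. The following Python linter is an added example, not part of the original messages and not Shorewall code; its function names are hypothetical, the sample files are a constructed, trimmed copy of the posted configuration, and it assumes the Internet-facing zone is named `net` as in the post.

```python
# Added example: lint Shorewall-style config text for the three problems
# raised in this thread. Function names are hypothetical, not Shorewall's.

def rows(text):
    """Yield the whitespace-split columns of each non-comment, non-blank line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()


def zone_of(field):
    """Strip a host part: 'loc:192.168.0.8' -> 'loc'."""
    return field.split(":", 1)[0]


def backwards_masq(masq, interfaces, net_zone="net"):
    """Return masq entries whose INTERFACE column is not an interface of
    net_zone. Assumes the Internet-facing zone is named 'net', as in the post."""
    net_ifaces = {r[1] for r in rows(interfaces) if len(r) > 1 and r[0] == net_zone}
    return [tuple(r[:2]) for r in rows(masq) if r[0].split(":", 1)[0] not in net_ifaces]


def isolated_zones(zones, policy, rules):
    """Return non-firewall zones that no ACCEPT policy and no allowing rule
    names as source or destination (simplification: 'allowing' means the
    action contains ACCEPT or starts with DNAT)."""
    declared = [r[0] for r in rows(zones) if len(r) > 1 and r[1] != "firewall"]
    reachable = set()
    for r in rows(policy):
        if len(r) >= 3 and r[2] == "ACCEPT":
            reachable.update(zone_of(f) for f in r[:2])
    for r in rows(rules):
        if len(r) >= 3 and ("ACCEPT" in r[0] or r[0].startswith("DNAT")):
            reachable.update(zone_of(f) for f in r[1:3])
    if "all" in reachable:  # an ACCEPT involving 'all' covers every zone
        return []
    return [z for z in declared if z not in reachable]


def detectnets_conflicts(interfaces, hosts):
    """Return interfaces that set 'detectnets' while the hosts file places
    another zone behind the same interface."""
    shared = {r[1].split(":", 1)[0] for r in rows(hosts) if len(r) > 1}
    return [r[1] for r in rows(interfaces)
            if len(r) > 3 and "detectnets" in r[3].split(",") and r[1] in shared]


# Constructed sample input, trimmed from the configuration posted above.
ZONES = """\
#ZONE TYPE
fw    firewall
net   ipv4
loc1  ipv4
loc   ipv4
vpn   ipv4
"""
POLICY = """\
loc  net  ACCEPT
loc  $FW  DROP  info
net  all  DROP  info
all  all  DROP  info
"""
RULES = """\
HTTP/ACCEPT  net  loc:192.168.0.8
SSH/ACCEPT   loc  $FW
Ping/ACCEPT  $FW  net
Ping/DROP    net  $FW
"""
HOSTS = "loc1  eth0:10.0.15.0/24\n"
INTERFACES = """\
net  eth1  detect  tcpflags,routefilter,nosmurfs,norfc1918
loc  eth0  detect  tcpflags,detectnets,nosmurfs
vpn  tun0
"""
MASQ_POSTED = "eth0  eth1\n"  # the entry Tom quotes as backwards
MASQ_FIXED = "eth1  eth0\n"   # the corrected entry from his reply

if __name__ == "__main__":
    print("backwards masq entries:", backwards_masq(MASQ_POSTED, INTERFACES))
    print("after the fix:         ", backwards_masq(MASQ_FIXED, INTERFACES))
    # 'vpn' is reported alongside 'loc1': the posted files never mention it either.
    print("isolated zones:        ", isolated_zones(ZONES, POLICY, RULES))
    print("detectnets conflicts:  ", detectnets_conflicts(INTERFACES, HOSTS))
```
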
Dear Wong Chee Chun.

Where are you from? Hong Kong or China?

Wong Chee Chun
2006-Aug-02  15:47 UTC
Re: [Shorewall-users] Reply: Re: Reply: Re: Clients can't through to internet
Malaysia

On 8/2/06, Wilson Kwok <leiw324@yahoo.com.hk> wrote:
> Dear Wong Chee Chun.
>
> Where you from ? Hong Kong or china ?
>
> Wong Chee Chun <cheechun2005@gmail.com> wrote:
> im a chinese as well but explaining IT-related terms in chinese is
> kinda weird and fun. i rather improving my english to make life easier
> a lot. In fact, my chinese is way too worse than my english :P
>
> by the way, i cant understand what Wilson trying to point out as well...

--
Regards,
Wong Chee Chun
Network Engineer
Softmy Co. Ltd
(http://www.softmy.com)
Wilson Kwok
2006-Aug-03  01:40 UTC
Reply: Re: Reply: Re: Reply: Re: Clients can't through to internet
Dear Tom Eastep.

Thanks for your reply, now all clients can connect to the internet. Sorry about the post.

Wilson

Tom Eastep <teastep@shorewall.net> wrote:
Wilson Kwok wrote:
> Sorry Tom Eastep, I'm from Hong Kong and don't know the rules about
> Mailing-list, I used Linux command line to compressed the attached dump file,
> inside also have my school network structure, please take a look.
>
Wilson,

Your entry in /etc/shorewall/masq is backwards. You have:

#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth0       eth1

It should be:

#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth1       eth0

-Tom
Wilson Kwok
2006-Aug-03  01:49 UTC
Reply: Re: Reply: Re: Reply: Re: Clients can't through to internet
Dear Tom Eastep.

There is another problem: the 10.0.15.0 (loc1) subnet can't connect to the internet after placing the Shorewall, but the 192.168.0.0 (loc) subnet can connect to the internet.

Thanks

Tom Eastep <teastep@shorewall.net> wrote:
Wilson Kwok wrote:
> Sorry Tom Eastep, I'm from Hong Kong and don't know the rules about
> Mailing-list, I used Linux command line to compressed the attached dump file,
> inside also have my school network structure, please take a look.
>
Wilson,

Your entry in /etc/shorewall/masq is backwards. You have:

#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth0       eth1

It should be:

#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth1       eth0

-Tom
Tom Eastep
2006-Aug-03  02:18 UTC
Re: Reply: Re: Reply: Re: Reply: Re: Clients can't through to internet
Wilson Kwok wrote:
> Dear Tom Eastep.
>
> Has another problem, the 10.0.15.0 (loc1) subnet can't connect to internet after placed the Shorewall, but the 192.168.0.0 (loc) can connect to internet.
>

I told you yesterday what is needed there -- please read the message that I sent yesterday morning again.

-Tom
Wilson Kwok
2006-Aug-03  03:39 UTC
Reply: Re: Reply: Re: Reply: Re: Clients can't through to internet
Tom Eastep.

You meant this post? I already changed the masq file, but the 10.0.15.0 subnet still cannot connect to the internet, what should I do?

Wilson
Thanks

Tom Eastep <teastep@shorewall.net> wrote:
Wilson Kwok wrote:
> Sorry Tom Eastep, I'm from Hong Kong and don't know the rules about
> Mailing-list, I used Linux command line to compressed the attached dump file,
> inside also have my school network structure, please take a look.
>
Wilson,

Your entry in /etc/shorewall/masq is backwards. You have:

#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth0       eth1

It should be:

#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth1       eth0

-Tom
Tom Eastep
2006-Aug-03  03:53 UTC
Re: Reply: Re: Reply: Re: Reply: Re: Clients can't through to internet
Wilson Kwok wrote:
> Tom Eastep.
>
> You meant this post?

No. Go back and read my recent posts to you -- in one, I pointed out that the 'loc1' zone couldn't possibly work.

-Tom
Wilson Kwok
2006-Aug-03  04:32 UTC
Reply: Re: Reply: Re: Reply: Re: Reply: Re: Clients can't through to internet
Tom Eastep.

Sorry, maybe I missed the important post, can you please explain again?

Wilson
Thanks

Tom Eastep <teastep@shorewall.net> wrote:
Wilson Kwok wrote:
> Tom Eastep.
>
> You meant this post?

No. Go back and read my recent posts to you -- in one, I pointed out that the 'loc1' zone couldn't possibly work.

-Tom
Tom Eastep
2006-Aug-03  14:04 UTC
Re: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Clients can't through to internet
Wilson Kwok wrote:
> Tom Eastep.
>
> Sorry, I maybe missed the important post, please can you explain again ?
>

Wilson -- It is the same post that explained that I wanted to see the output of "shorewall dump". Read the whole post -- not just the part at the top.

-Tom
Tom Eastep wrote:
> ...
> Wilson -- It is the same post that explained that I wanted to see the
> output of "shorewall dump". Read the whole post -- not just the part at
> the top.

That just proves that top posting is the best way to have unclear communication! ;-)

Paul
Paul Gear wrote:
> Tom Eastep wrote:
>> ...
>> Wilson -- It is the same post that explained that I wanted to see the
>> output of "shorewall dump". Read the whole post -- not just the part at
>> the top.
>
> That just proves that top posting is the best way to have unclear
> communication! ;-)
>

Exactly -- I guess top-posters think that everyone else also top-posts so they quit reading after the responder's first chunk of text.

-Tom
Tom Eastep wrote:
> Paul Gear wrote:
>> Tom Eastep wrote:
>>> ...
>>> Wilson -- It is the same post that explained that I wanted to see the
>>> output of "shorewall dump". Read the whole post -- not just the part at
>>> the top.
>> That just proves that top posting is the best way to have unclear
>> communication! ;-)
>>
>
> Exactly -- I guess top-posters think that everyone else also top-posts so they
> quit reading after the responder's first chunk of text.
>

Even though in the case at hand, my first chunk of text appeared after a three-line quote of Wilson's original post.

-Tom
Wilson Kwok
2006-Aug-04  02:00 UTC
Reply: Re: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Clients can't through to internet
Tom Eastep, I read the first post but I really don't know the problem, can you help me please? Now many users are complaining they can't access the web server in loc1, because this server is for new student registration.

Btw, our school might merge two different ISPs into Shorewall, so I know I need to learn more things about Shorewall; I have already read the Shorewall guideline for about 3 months, or I think my learning skill has a problem.

Wilson
Thanks

Tom Eastep <teastep@shorewall.net> wrote:
Wilson Kwok wrote:
> Tom Eastep.
>
> Sorry, I maybe missed the important post, please can you explain again ?
>
Wilson -- It is the same post that explained that I wanted to see the output of "shorewall dump". Read the whole post -- not just the part at the top.

-Tom
Wilson Kwok
2006-Aug-04  08:30 UTC
Reply: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Clients can't through to internet
I was following this http://www.shorewall.net/Multiple_Zones.html
but still failed to do the separation, can anyone help? Please

Wilson
Thanks
  
Wilson Kwok <leiw324@yahoo.com.hk> wrote:
Tom Eastep, I read the first post but I really don't know the
problem, can you help me please, now many users are complaint they
can't access to the web server in loc1, because this server for new
student register.

Btw, our school might merge two different ISP to Shorewall, so I know need
learn more thing about Shorewall, the Shorewall guideline already read about
3 month, or I thing is my learning skill have problem.

Wilson
Thank

Tom Eastep <teastep@shorewall.net> wrote:
Wilson Kwok wrote:
> Tom Eastep.
>
> Sorry, I maybe missed the important post, please can you explain again ?
>
Wilson -- It is the same post that explained that I wanted to see the
output of "shorewall dump". Read the whole post -- not just the part at
the top.

-Tom
Tom Eastep
2006-Aug-04  12:54 UTC
Re: Reply: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Clients can't through to internet
Wilson Kwok wrote:
> I was following this http://www.shorewall.net/Multiple_Zones.html
> but still fail to do the separate, anyone can help ? please
>

Remove ALL references to loc1 -- just remove the zone completely from /etc/shorewall/zones and /etc/shorewall/hosts (and from any other files you have added it to since you sent me your configuration).

-Tom
Wilson Kwok
2006-Aug-05  01:19 UTC
Reply: Re: Reply: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Clients can't through to internet
Tom Eastep.

I followed your instruction when I went back to school this morning: I commented out the entries in the hosts and zones files where I had added the loc1 zone. Now loc1 still can't connect to the internet, which I tested by browsing with IE. I checked all files; only the hosts and zones files had loc1 added.

Wilson
Thanks

Tom Eastep <teastep@shorewall.net> wrote:
Wilson Kwok wrote:
> I was following this http://www.shorewall.net/Multiple_Zones.html
> but still fail to do the separate, anyone can help ? please
>
Remove ALL references to loc1 -- just remove the zone completely from /etc/shorewall/zones and /etc/shorewall/hosts (and from any other files you have added it to since you sent me your configuration).

-Tom
Tom Eastep
2006-Aug-05  01:52 UTC
Re: Reply: Re: Reply: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Clients can't through to internet
Wilson Kwok wrote:
> Tom Eastep.
>
> I has follow your instruction when I go back to school this morning, I commented the hosts and zones files where I was added the loc1 zone, now
> loc1 still can't connect internet which I use IE to explore, I checked all files is only hosts and zones files was added.
>

Wilson -- I'm leaving shortly to visit my family for the weekend. If you collect the output of "shorewall dump" again (following the same instructions as before) then I will take a quick look at it.

But Wilson, you really have to take responsibility for your own success. If you can't perform basic troubleshooting of your own firewall then you are going to fail. Your questions indicate that you have little understanding of Shorewall or how it works and we cannot continue to debug all of your problems for you. We are here to help you; we are not here to do your job for you.

-Tom
Wilson Kwok
2006-Aug-05  02:27 UTC
Reply: Re: Reply: Re: Reply: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Clients can't through to internet
Tom Eastep.

Yes, I know I always annoy you. I am interested in using Shorewall because it has powerful functions, our school doesn't want to spend money and I don't want to use iptables. I have experience with many firewalls such as sonicwall, watchguard, netscreen and cisco router etc., but the Shorewall static route logic is not the same as theirs, so I re-read the Shorewall guideline many times and still fail on it.

Before, our school was using Watchguard but it has some problems, so I want to replace it with Shorewall.

Otherwise, I think the static route problem is not the cisco router problem because I could not configure long time ago.

P.S. Please see the attached

Wilson
Thanks

Tom Eastep <teastep@shorewall.net> wrote:
Wilson Kwok wrote:
> Tom Eastep.
>
> I has follow your instruction when I go back to school this morning, I commented the hosts and zones files where I was added the loc1 zone, now
> loc1 still can't connect internet which I use IE to explore, I checked all files is only hosts and zones files was added.
>
Wilson -- I'm leaving shortly to visit my family for the weekend. If you collect the output of "shorewall dump" again (following the same instructions as before) then I will take a quick look at it.

But Wilson, you really have to take responsibility for your own success. If you can't perform basic troubleshooting of your own firewall then you are going to fail. Your questions indicate that you have little understanding of Shorewall or how it works and we cannot continue to debug all of your problems for you. We are here to help you; we are not here to do your job for you.

-Tom
Tom Eastep
2006-Aug-05  03:27 UTC
Re: Reply: Re: Reply: Re: Reply: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Clients can't through to internet
Wilson Kwok wrote:
> Tom Eastep.
> Yes, I know always annoyed you, why I have interesting to use Shorewall
> because has powerful functions, our school don't want spend money and I don't
> want use iptables. I had exp on many firewall such like sonicwall, watchguard,
> netscreen and cisco router etc but the Shorewall static route logic not same as
> them, so I re-read the Shorewall guildline many time and still fail on its.
>
> Before our school is using Watchguard but it has some problem so I want
> replace it by Shorewall.
>

Wilson,

According to what you have told us, 10.0.15.0/24 is your 'loc1' zone. You do not have a route out of your local interface (eth0) to that network.

-Tom
Tom Eastep
2006-Aug-06  13:41 UTC
Re: Clients can't through to internet
Tom Eastep wrote:
>
> According to what you have told us, 10.0.15.0/24 is your 'loc1' zone.
> You do not have a route out of your local interface (eth0) to that network.
>

Have you made any progress?

-Tom
Wilson Kwok
2006-Aug-07  00:30 UTC
Re: Clients can't through to internet
Tom Eastep.

Sorry, the 10.0.15.0 (loc1) still cannot connect to internet, I has following your instruction to remove related loc1 in zones and hosts file, and added one static route in /etc/rc.d/rc.local as:

echo 1 > /proc/sys/net/ipv4/ip_forward
route add -net 10.0.15.0 netmask 255.255.255.0 dev eth0 gw 192.168.0.5

route info:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
210.0.214.0     *               255.255.255.0   U     0      0        0 eth1
10.0.15.0       192.168.0.5     255.255.255.0   UG    0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         210.0.214.254   0.0.0.0         UG    0      0        0 eth1

Wilson
Thank

Tom Eastep <teastep@shorewall.net> wrote:
> Tom Eastep wrote:
>>
>> According to what you have told us, 10.0.15.0/24 is your 'loc1' zone.
>> You do not have a route out of your local interface (eth0) to that network.
>>
>
> Have you made any progress?
>
> -Tom
Tom Eastep
2006-Aug-07  02:22 UTC
Re: Clients can't through to internet
Wilson Kwok wrote:
> Tom Eastep.
>
> Sorry, the 10.0.15.0 (loc1) still cannot connect to internet

Wilson -- I'm going to give you one final piece of advice. I'm going to suggest you read the following article until you understand it.

http://catb.org/~esr/faqs/smart-questions.html

-Tom
Tom Eastep
2006-Aug-07  02:29 UTC
Re: Clients can't through to internet
Tom Eastep wrote:
> Wilson Kwok wrote:
>> Tom Eastep.
>>
>> Sorry, the 10.0.15.0 (loc1) still cannot connect to internet
>
>
> Wilson -- I'm going to give you one final piece of advice. I'm going to
> suggest you read the following article until you understand it.
>
> http://catb.org/~esr/faqs/smart-questions.html

And so you can't overlook it, here is a link to the Chinese translation

http://linux.tcpip.com.cn/forum/smart-questions.html

-Tom
Tom Eastep
2006-Aug-07  13:53 UTC
Re: Clients can't through to internet
Wilson Kwok wrote:
>
> static route in /etc/rc.d/rc.local as:
>
> echo 1 > /proc/sys/net/ipv4/ip_forward

I don't know why you do that rather than just set IP_FORWARDING=On in /etc/shorewall/shorewall.conf

> route add -net 10.0.15.0 netmask 255.255.255.0 dev eth0 gw 192.168.0.5
>

rc.local is way too late in the boot sequence -- the route needs to be there when Shorewall starts. You should be using your Distribution's network configuration tools to configure this route. The way that you have it now, Shorewall would have to be restarted after boot up before loc1 would have internet access.

-Tom
Wilson Kwok
2006-Aug-08  06:48 UTC
Re: Clients can't through to internet
Tom Eastep,

The static route successfully created, I added its in /etc/sysconfig/network-script/route-eth0, then rebooted the system 10.0.15.0 subnet can connect to internet.

However, thank your suggestion :)

Tom Eastep <teastep@shorewall.net> wrote:
> Wilson Kwok wrote:
>>
>> static route in /etc/rc.d/rc.local as:
>>
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> I don't know why you do that rather than just set IP_FORWARDING=On in
> /etc/shorewall/shorewall.conf
>
>> route add -net 10.0.15.0 netmask 255.255.255.0 dev eth0 gw 192.168.0.5
>>
>
> rc.local is way too late in the boot sequence -- the route needs to be
> there when Shorewall starts. You should be using your Distribution's
> network configuration tools to configure this route. The way that you have
> it now, Shorewall would have to be restarted after boot up before loc1
> would have internet access.
>
> -Tom
Tom Eastep
2006-Aug-08  15:21 UTC
Re: Clients can't through to internet
Wilson Kwok wrote:
> Tom Eastep,
>
> The static route successfully created, I added its in
> /etc/sysconfig/network-script/route-eth0, then rebooted the system
> 10.0.15.0 subnet can connect to internet.
>

Excellent!

> However, thank your suggestion :)
>

You're welcome.

-Tom
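The fix this thread arrives at depends on the route to 10.0.15.0/24 being present before Shorewall starts. The script below is an added example, not part of any message in the thread: it checks a routing table for that route, using the table posted above as constructed sample input. The function names (sample_table, route_for, check_route) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the static route to the
# subnet behind the internal router exists before the firewall is started.
# On Red Hat-style systems the persistent form of this route is the line
#   10.0.15.0/24 via 192.168.0.5 dev eth0
# in /etc/sysconfig/network-scripts/route-eth0.

# Constructed sample input: the routing table as posted in the thread.
sample_table() {
cat <<'EOF'
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
210.0.214.0     *               255.255.255.0   U     0      0        0 eth1
10.0.15.0       192.168.0.5     255.255.255.0   UG    0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         210.0.214.254   0.0.0.0         UG    0      0        0 eth1
EOF
}

# route_for DEST MASK
# Reads `route` output on stdin; prints "gateway iface" for an exact
# destination/netmask match and exits non-zero when no entry matches.
route_for() {
    awk -v d="$1" -v m="$2" \
        '$1 == d && $3 == m { print $2, $8; found = 1 } END { exit !found }'
}

# check_route DEST MASK GATEWAY IFACE
# Returns 0 if the route is as expected, 1 if it is missing, 2 if it
# exists but points at a different gateway or interface.
check_route() {
    got=$(route_for "$1" "$2") || {
        echo "MISSING: no route to $1/$2"
        return 1
    }
    [ "$got" = "$3 $4" ] || {
        echo "WRONG: $1/$2 goes via $got, expected $3 $4"
        return 2
    }
    echo "OK: $1/$2 via $3 on $4"
}

# Table with the route in place (state after the fix).
sample_table | check_route 10.0.15.0 255.255.255.0 192.168.0.5 eth0
# Same table with the route stripped (state before the route was added).
sample_table | grep -v '^10\.0\.15\.0 ' |
    check_route 10.0.15.0 255.255.255.0 192.168.0.5 eth0 || true
```

On a live firewall, pipe `route -n` into check_route instead of sample_table and run the check before `shorewall start`.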