Shorewall users - Jun 2008 - no access with 2 NIC

Hello All ,

below is my setup and problem i am facing is mention at end

-----------------------------------------

eth7 Link encap:Ethernet HWaddr 00:80:AD:6B:E3:7B

inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0


eth9 Link encap:Ethernet HWaddr 00:15:E9:A5:71:43

inet addr:121.246.X.X Bcast:121.246.217.255 Mask:255.255.255.0


cat /etc/shorewall/interfaces


net eth9 detect

loc eth7 192.168.0.1


cat /etc/shorewall/zones


net ipv4

loc ipv4

fw firewall



cat /etc/shorewall/masq


eth7 192.168.0.0/255.255.255.0


cat /etc/shorewall/rules


#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/

## PORT(S) PORT(S) DEST LIMIT GROUP

#SECTION ESTABLISHED

#SECTION RELATED

INCLUDE rules.drakx

ACCEPT loc fw 53

ACCEPT loc:192.168.0.240 net all

REDIRECT loc 3128 tcp www - !192.168.0.240

REDIRECT loc 3128 tcp 80 -

#

#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


cat /etc/shorewall/rules.drakx

ACCEPT net fw udp 53 -

ACCEPT net fw tcp 80,443,53,22,20,21,25,109,110,143 -

ACCEPT loc fw tcp 80,443,53,22,20,21,25,109,110,143 -

ACCEPT net fw icmp 8 -


this same server is running Transparent squid .


All was working fine before 2 days , and suddenly we changed the one
Damage NIC (internal early it was eth5 , now with new NIC it is eth7)


Now one from my LAN is able to ping single web site , neither we can use
thunder bird / out look , only firefox is workign to open our web mails
and sites.


Kindly help where i am missing something , as i read Lots of articles
but nothing seems worked out .


Thanks to All

when i treid pinging from 192.168.0.20


[cspl@zealot /]# ./p

PING gmail.com (64.233.171.83) 56(84) bytes of data.


--- gmail.com ping statistics ---

404 packets transmitted, 0 received, 100% packet loss, time 403174ms


i got above 100% packet loss.


But shorewall can ping any site from firwall server.



-- 
======================================================With Best Regards

Mr.Shailesh Bhutada
======================================================

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It''s the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php

kernel.2k5 wrote:
> Now one from my LAN is able to ping single web site , neither we can use
> thunder bird / out look , only firefox is workign to open our web mails
> and sites.
> 
> 
> Kindly help where i am missing something , as i read Lots of articles
> but nothing seems worked out .
It''s unfortunate that you didn''t read
http://www.shorewall.net/support.htm
-- it describes the information we need to solve your problem quickly.

I suspect that you may be running Debian or one of its derivatives and that 
you haven''s set IP_FORWARDING=On in shorewall.conf. If that is not the
case,
then please collect and forward the output of "shorewall dump" as
described
at the support link which I gave you above.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It''s the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php

kernel.2k5 wrote:
> cat /etc/shorewall/interfaces 
 >
> net eth9 detect
> 
> loc eth7 192.168.0.1
192.168.0.1 is NOT the broadcast address for the local network! Accorting to 
your masq entry, it is 192.168.0.255.
>
> cat /etc/shorewall/masq
> 
> eth7 192.168.0.0/255.255.255.0
That should be *eth9*, not *eth7*.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It''s the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php