Hi, I am running Shorewall 4.011 using mulitple providers. Everything works really well. I am in the process of setting up a demo server for our product. It is running Solaris 10 and will be available for our customers to test. I set this machine up in a DMZ using proxyarp. Access to the machine is working from our lan and the internet as it should. The problem is with access to the internet. Sometimes it works and sometimes it doesn''t. It is really strange. I can resolve hosts using nslookup but when I try to browse using Mozilla it just hangs. Other times, with no changes from me it just works. At the same time the access from external hosts to the machine works with no problems. any ideas will be greatly appreciated thanks in advance ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Andy McGuire wrote:> The problem is with access to the internet. Sometimes it works and > sometimes it doesn''t. > It is really strange. I can resolve hosts using nslookup but when I try > to browse using Mozilla it just hangs. > Other times, with no changes from me it just works. At the same time > the access from external hosts to the > machine works with no problems. any ideas will be greatly appreciatedWhile reports such as this are largely a waste of time without an accompanying Shorewall dump, it rather sounds like you haven''t insured that connections from the proxyarp-ed host go out through the interface that corresponds to its address. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Sorry for the lack of info. I am a little paranoid I guess! I have done a lot of reading in the list and am aware that you would need more info. I guess I am just shy ; ) You are correct, it is something I have overlooked. Thanks for that. I will look into it and if I don''t get any further with it I will report back accompanied with a shorewall dump. Thank you On Fri, Sep 5, 2008 at 4:54 PM, Tom Eastep <teastep@shorewall.net> wrote:> Andy McGuire wrote: > > The problem is with access to the internet. Sometimes it works and >> sometimes it doesn''t. It is really strange. I can resolve hosts using >> nslookup but when I try to browse using Mozilla it just hangs. Other times, >> with no changes from me it just works. At the same time the access from >> external hosts to the >> machine works with no problems. any ideas will be greatly appreciated >> > > While reports such as this are largely a waste of time without an > accompanying Shorewall dump, it rather sounds like you haven''t insured that > connections from the proxyarp-ed host go out through the interface that > corresponds to its address. > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer''s > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
just an update...that was it... I modified the tcrules and now I am surfing away.. thanks again for pointing out that oversight On Fri, Sep 5, 2008 at 5:02 PM, Andy McGuire <mickwire@gmail.com> wrote:> Sorry for the lack of info. I am a little paranoid I guess! I have done a > lot of reading in the list and am aware > that you would need more info. I guess I am just shy ; ) You are > correct, it is something > I have overlooked. Thanks for that. I will look into it and if I don''t > get any further with it I will report back > accompanied with a shorewall dump. Thank you > > On Fri, Sep 5, 2008 at 4:54 PM, Tom Eastep <teastep@shorewall.net> wrote: > >> Andy McGuire wrote: >> >> The problem is with access to the internet. Sometimes it works and >>> sometimes it doesn''t. It is really strange. I can resolve hosts using >>> nslookup but when I try to browse using Mozilla it just hangs. Other times, >>> with no changes from me it just works. At the same time the access from >>> external hosts to the >>> machine works with no problems. any ideas will be greatly appreciated >>> >> >> While reports such as this are largely a waste of time without an >> accompanying Shorewall dump, it rather sounds like you haven''t insured that >> connections from the proxyarp-ed host go out through the interface that >> corresponds to its address. >> >> -Tom >> -- >> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool >> Shoreline, \ http://shorewall.net >> Washington USA \ teastep@shorewall.net >> PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key >> >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer''s >> challenge >> Build the coolest Linux based applications with Moblin SDK & win great >> prizes >> Grand prize is a trip for two to an Open Source event anywhere in the >> world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> >> >------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/