Shorewall users - Nov 2009 - Can't access external network after reboot of debian fw.

Hi all,

I have a network problem. I have a debian squeeze (Testing) computer serving as
a router/firewall (fw). It has two interfaces eth0 (loc) and eth1 (net). After I
configured shorewall and started it, everything seemed to work as intended.
Using the website shields up I checked if the port I wanted to be open was open
(and the rest was closed). In addition, I could use all networkservices
(internet/mail/IRC) on my desktop computers in
the loc domain and from fw (as intended).

After I performed a reboot on my fw, I could not access the external network
anymore. Things I checked:
Shorewall started without errors. 
In the shorewall log I saw entries of my computers both in loc and fw that tried
to access the DNS of my provider (see attached shorewall dump) but whose
connections were rejected.
I performed a shorewall clear but I still could not access the internet from the
fw.
All connections between loc and fw work as intended. 
Since the log showed problems reaching the DNS, I tried to access www.google.com
by ip-address. This timed out. I then tried a traceroute to the same ip-address.
The trace could get beyond my fw, but was slow. However, pinging
doesn''t work (or times out).

I have followed the quick guide for configuring my setup. I changed eth0 in eth1
and vice verse when necessary, since eth0 is local in my setup. I payed
attention to the debian-specific points mentioned in the guide. I checked the
faq and troubleshooting guides but unfortunately I couldn''t see a way
to solve my problem. Probably, I misconfigured something, but I can''t
find it.

Any help/suggestions would be appreciated.

Regards,

Robert 		 	   		  
_________________________________________________________________
25GB gratis online harde schijf
http://skydrive.live.com


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what''s new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

Robert van den Berg wrote:
> 
> Any help/suggestions would be appreciated.
Your problem has nothing to do with Shorewall. You have configured a
silly default route out of eth0 (your local interface); remove that
route and everything will work.

Unless you have multiple internet connections, your firewall must have
exactly one default route (through your ISPs gateway router).

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what''s new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

Cheers that solved it. I figured I did something stupid, however I
couldn''t find what.

Thanks!

Robert
> Date: Sun, 22 Nov 2009 09:16:23 -0800
> From: teastep@shorewall.net
> To: shorewall-users@lists.sourceforge.net
> Subject: Re: [Shorewall-users] Can''t access external network after
reboot of	debian fw.
> 
> Robert van den Berg wrote:
> 
> > 
> > Any help/suggestions would be appreciated.
> 
> Your problem has nothing to do with Shorewall. You have configured a
> silly default route out of eth0 (your local interface); remove that
> route and everything will work.
> 
> Unless you have multiple internet connections, your firewall must have
> exactly one default route (through your ISPs gateway router).
> 
> -Tom
> -- 
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
> 
 		 	   		  
_________________________________________________________________
Kakker, Party of Nerd: download ze gratis voor in je Messenger
http://buddytest.rulive.nl/default.aspx?src=taglines

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what''s new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july