On Sun, 2007-10-28 at 17:16 -0600, Hans Fugal wrote: > On Sat, 27 Oct 2007 at 15:18 -0600, Kenneth Burgener wrote: > > As I mentioned I am fronting iptables with shorewall (to make the > > configuration easier). > > There's your first mistake. I'm in the minority I think, but IMHO > shorewall and friends are more trouble than they're worth. This > problem serves as a case in point.
In general, I agree with this. But whatever you use, make sure iptables has a debugging mode where everything is logged before dropped. It's likely you will be able to look at your logs, see what is being dropped, and make changes to fix it. Good luck. Gabe /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
