Re: [Security Firewall] aargh. odd routing problem

[Tim]

thanks for the response. I have a t-1 router whose ethernet interface 
is directly connected to the wan interface on the MNF and a /25 subnet 
of real addresses on the LAN side of the MNF. There are 4 computers 
connected locally to the hub and 6 wireless clients connected thru a 
wireless bridge to the same hub.

prior to connecting the MNF these clients were all successfully 
connected to the t-1 router.  The odd part of this setup is that the 
routable addresses are behind the firewall and the wan interface is 
actually a 192 address since this connects back to our primary CO . I'm 
a small ISP in southwestern Colorado.

the results of the requested command:
[EMAIL PROTECTED] admin]# grep -v ^$ 
/etc/shorewall/{zones,interfaces,masq,tunnels,policy,rules}|grep -v :#
/etc/shorewall/zones:lan        LAN     local_area_network
/etc/shorewall/zones:dmz        DMZ     demilitarized_zone
/etc/shorewall/zones:wan        NET     internet
/etc/shorewall/interfaces:wan   eth0    detect  routestopped
/etc/shorewall/interfaces:lan   eth1    detect  dhcp,routestopped
/etc/shorewall/policy:all       all     ACCEPT  info
/etc/shorewall/rules:ACCEPT     fw      wan     tcp     53      -
/etc/shorewall/rules:ACCEPT     fw      wan     udp     53      -
/etc/shorewall/rules:ACCEPT     dmz     wan     udp     53      -
/etc/shorewall/rules:ACCEPT     lan     wan     udp     53      -
/etc/shorewall/rules:REJECT     wan     fw      tcp     113     -
/etc/shorewall/rules:ACCEPT     lan     fw      tcp     22      -
/etc/shorewall/rules:ACCEPT     lan     fw      tcp     8443    -
/etc/shorewall/rules:ACCEPT     fw      lan     icmp    8       -
/etc/shorewall/rules:ACCEPT     lan     fw      icmp    8       -
/etc/shorewall/rules:ACCEPT     lan     dmz     icmp    8       -
/etc/shorewall/rules:ACCEPT     dmz     lan     icmp    8       -
/etc/shorewall/rules:ACCEPT     dmz     fw      icmp    8       -
/etc/shorewall/rules:ACCEPT     fw      dmz     icmp    8       -
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     pop3    -
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     smtp    -
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     http    -
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     https   -
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     ssh     -
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     ftp     -
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     nntp    -
/etc/shorewall/rules:ACCEPT     fw      wan     udp     ntp     -
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     imap    -
/etc/shorewall/rules:ACCEPT     fw      wan:20022       tcp     ftp     
-
/etc/shorewall/rules:ACCEPT     lan     fw      udp     53      -
/etc/shorewall/rules:ACCEPT     lan     fw::3328        tcp     www     
-       all
/etc/shorewall/rules:ACCEPT     fw      wan     tcp     www     -

Hope this helps
Tim Taplin

____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________