Hi,

I found the line reported below in my log, that prevents http browsing from local network to a server hosted on the local network as a proxyarped external address 62.243.165.91

From the log:

    Jan 26 13:16:51 janus kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=192.168.102.110 DST=62.243.165.91 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=53613 DF PROTO=TCP SPT=1311 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0

I thought that the rule:

    ACCEPT loc loc:$JONAS56X all

where $JONAS56X is defined in /etc/shorewall/params as

    JONAS56X=62.243.165.91

would have allowed that.

I read in FAQ#17 that a reject in FORWARD chain from/to the same interface is probably due to a missing routeback option in /etc/shorewall/interfaces. I have added that but with no different result.

Do you have any other idea of what might be wrong?

A gzipped dump file is attached and the FORWARD chain from it is here below:

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
    86162   44M eth0_fwd   0    --  eth0   *       0.0.0.0/0            0.0.0.0/0
     6582 2878K eth1_fwd   0    --  eth1   *       0.0.0.0/0            0.0.0.0/0
    85252   47M eth2_fwd   0    --  eth2   *       0.0.0.0/0            0.0.0.0/0
       16   888 Reject     0    --  *      *       0.0.0.0/0            0.0.0.0/0
       12   576 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
       12   576 reject     0    --  *      *       0.0.0.0/0            0.0.0.0/0

Thanks for any help,
Paolo
shorewall.dump20070126_7.gz
Description: Binary data
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
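
An added example, not part of the original post and not Shorewall's own code: a small Python parser for Shorewall kernel log lines like the one quoted above, which reports rejected or dropped packets that enter and leave through the same interface, the situation the post cites FAQ#17 for. The first sample line is the entry from the post; the second is constructed for contrast, and the function names are hypothetical.

```python
import re
from collections import Counter

# First line: the entry quoted in the post. Second line: constructed sample
# (documentation addresses) showing a packet that is not same-interface traffic.
SAMPLE_LOG = """\
Jan 26 13:16:51 janus kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=192.168.102.110 DST=62.243.165.91 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=53613 DF PROTO=TCP SPT=1311 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 26 13:17:02 janus kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Log prefix as it appears in the post: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):(?P<rest>.*)$")
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}

def parse_line(line):
    """Return a dict of the KEY=VALUE fields and bare flags, or None if not a Shorewall line."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "disposition": m["disposition"], "flags": set()}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value          # "OUT=" yields an empty string
        elif token in FLAGS:
            rec["flags"].add(token)
    return rec

def is_hairpin(rec):
    """True when the packet was being forwarded out of the interface it arrived on."""
    return bool(rec.get("IN")) and rec.get("IN") == rec.get("OUT")

def hairpin_summary(text):
    """Count rejected/dropped same-interface flows by (iface, src, dst, proto, dport)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and is_hairpin(rec) and rec["disposition"] in ("REJECT", "DROP"):
            counts[(rec["IN"], rec["SRC"], rec["DST"], rec.get("PROTO"), rec.get("DPT"))] += 1
    return counts

if __name__ == "__main__":
    for (iface, src, dst, proto, dpt), n in hairpin_summary(SAMPLE_LOG).items():
        print(f"{n}x {src} -> {dst} {proto}/{dpt} in and out via {iface}")
```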
