Hi, I figured out my problem. Even though I set up the option "option domain-name-servers 192.168.0.1;" in my dhcpd.conf, all my Windows-based clients thought it was smart to use another DNS server. (My Mac notebook worked just fine.) I manually changed all of their DNS servers now to the router IP and everything works fine.
Thanks guys
Toralf

On 28.03.2007 at 18:52, Prasanna Krishnamoorthy wrote:

> In the dump you sent, I see
> tcp 6 431984 ESTABLISHED src=192.168.0.11 dst=209.85.129.147
> sport=1092 dport=80 packets=5 bytes=711 src=209.85.129.147
> dst=89.62.111.143 sport=80 dport=1092 packets=4 bytes=2376 [ASSURED]
> mark=0 use=1
>
> which implies that the connection was established and packets
> exchanged.
>
> However, I don't see any other established connections from
> 192.168.0.11.
>
> Can you check syslog or shorewall.log to see if packets are getting
> dropped for any reason?
>
> A tcpdump on eth1 might be useful.
>
> tcpdump -n -i eth1 host 192.168.0.11
>
> and then try to open a webpage from 192.168.0.11
>
> Prasanna.
>
> On 3/28/07, Toralf Niebuhr <[EMAIL PROTECTED]> wrote:
>> I added this line
>>>> loc loc ACCEPT
>> because I didn't know if the firewall could/would do anything if I
>> want to send a file from one client to another.
>>
>> and those are ok (I think so)
>>>> loc fw ACCEPT
>>>> fw all ACCEPT
>> because I know exactly what services are running on my server and I
>> didn't want to bother writing rules for each one of them.
>>
>> On 28.03.2007 at 18:30, David Mohr wrote:
>>
>>> Hi,
>>> a little OT, but I think worth pointing out:
>>>
>>> On 3/28/07, Toralf Niebuhr <[EMAIL PROTECTED]> wrote:
>>>> I have multiple clients in my network and a server with
>>>> dhcp, shorewall, ....
>>>> I wanted the server to be a really tight firewall.
>>>>
>>>> So I created this /etc/shorewall/policy file
>>>>
>>>> loc net DROP
>>>> loc loc ACCEPT
>>>> loc fw ACCEPT
>>>> fw all ACCEPT
>>>> net all DROP
>>>> all all REJECT
>>>
>>> You do realize that this is really not a tight firewall. Giving your
>>> whole local network access to anything on the firewall is not a good
>>> idea. Also, for a 'tight' system, I would restrict outgoing requests
>>> from the firewall, at least to the net. And why do you have a
>>> 'loc loc ACCEPT' policy? Wouldn't that be only needed for bridges?
>>>
>>> You might be ok with your current setup, and I don't mean to
>>> criticize, but please don't call it tight :-)
>>>
>>> ~David
>>>
>>> _______________________________________________
>>> Shorewall-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
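
The policy review in David's reply can be written as a small check. This is an added example, not part of the original thread and not Shorewall's own code: it parses the policy file quoted above, resolves which policy a zone pair falls under, and flags the three ACCEPT entries he questions. The function names are hypothetical, the firewall zone is assumed to be named fw as in the thread, and the zone matching is a simplified first-match model.

```python
# Added illustration, not Shorewall code: audit the policy file quoted above.
FW_ZONE = "fw"  # assumption: the firewall zone is named "fw", as in the thread

# Policy file exactly as quoted in the thread.
POLICY = """\
loc net DROP
loc loc ACCEPT
loc fw ACCEPT
fw all ACCEPT
net all DROP
all all REJECT
"""

def parse_policy(text):
    """Return (source, dest, policy) tuples; blank lines and # comments are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            entries.append((fields[0], fields[1], fields[2].upper()))
    return entries

def effective_policy(entries, src, dst):
    """Policy for traffic between two different zones: the first matching
    entry wins and "all" matches any zone. Simplified model: Shorewall's
    special handling of intra-zone traffic is not reproduced here."""
    for s, d, policy in entries:
        if s in (src, "all") and d in (dst, "all"):
            return policy
    return None

def audit(entries):
    """Flag the broad ACCEPT policies that David's reply questions."""
    findings = []
    for s, d, policy in entries:
        if policy != "ACCEPT":
            continue
        if s == d and s != "all":
            findings.append((s, d, "intra-zone ACCEPT policy"))
        elif d == FW_ZONE:
            findings.append((s, d, "whole zone can reach every service on the firewall"))
        elif s == FW_ZONE and d in ("all", "net"):
            findings.append((s, d, "outgoing traffic from the firewall is unrestricted"))
    return findings

if __name__ == "__main__":
    entries = parse_policy(POLICY)
    for s, d, why in audit(entries):
        print(f"{s} -> {d}: {why}")
    print("loc -> net:", effective_policy(entries, "loc", "net"))
```

A flagged ACCEPT policy is normally replaced by a DROP or REJECT policy plus explicit ACCEPT entries in /etc/shorewall/rules for the services that are actually needed.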
