Tom Eastep wrote: > Tom Eastep wrote: >> Johannes Graumann wrote: >>> Tom Eastep wrote: >>>> Then the output of "shorewall dump" (compressed) would be helpful. >>> Attached. Thanks for your time! >>> >> >> /proc >> ... >> /proc/sys/net/ipv4/ip_forward = 0 >> >> >> Looks like you need to check IP_FORWARDING again. > > And be sure that something else in the Etch configuration isn't resetting > forwarding. See if the above turns to '1' after a '/sbin/shorewall > restart'; if so, it could be that it's being reset by another reboot step.
So here it is: > reboot > grep IP_FORWARD /etc/shorewall/shorewall.conf IP_FORWARDING=Yes > less /proc/sys/net/ipv4/ip_forward 0 > shorewall restart > less /proc/sys/net/ipv4/ip_forward 0 > shorewall stop > less /proc/sys/net/ipv4/ip_forward 0 > shorewall clear > less /proc/sys/net/ipv4/ip_forward 1 > shorewall start > less /proc/sys/net/ipv4/ip_forward 1 This, I suppose, implies that something is mocking with that ip_forward bit after shorewall has run (?). Only other ipfilter related piece of software I run is fail2ban - which to my knowledge did not change in conjunction with this recent problematic shorewall update. I will have to investigate whether that's the troublemaker. Any pointers on how to actually figure out what's changing the ip_forward? Thanks for any insight, Joh ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
