Maybe I have missed something easy. So, before I post my dump etc., I wanted to see if I could explain the problem and get pointed in a direction I can go dig into.

On my Gentoo Linux 2.6.20 kernel iptables firewall with Shorewall 3.4.2, I have two onboard ports and two PCIx cards with 2 ports each. So, eth0-eth4 are used. eth0 is the internet connection from our ISP's switch. eth4 is a DMZ with 1 machine connected, zone called web4. That machine has an internal address of 10.4.4.4.

From an external system (my house) I can connect to the web server on that system in web4 and everything works correctly. I can browse the web server with no problems.

The problem is, from that system (web4) I cannot connect to any system outside the firewall. After running tcpdump on the fw and my destination server (which is another system on the internet) I see that the source IP address is 10.4.4.4. So I realize the packet cannot be returned to 10.4.4.4, because obviously my internet-based system does not know how to talk back to the 10.x address. So, the firewall is passing the 10.4.4.4 address out on the internet to my destination address.

We had an older Shorewall 1.x running on the firewall at one time, then last Sunday I changed it out with a new box running Gentoo and Shorewall 3.4.2. Have I configured something wrong for Shorewall 3.4.2?

I was reading through the man file for shorewall-interfaces. I don't have any of the options set, like routefilter, logmartians, routeback or proxyarp. Maybe I need to set one of these?

cat /proc/sys/net/ipv4/conf/eth4/rp_filter
1
cat /proc/sys/net/ipv4/conf/eth0/rp_filter
1

Any help would be greatly appreciated.

Thanks
Brad B.
--
Have Mercy & Say Yeah
