David wrote:

In the future, please send your problem report to the Shorewall Users list. If you are paranoid about posting your configuration to the list, you can send the dump OUTPUT to [EMAIL PROTECTED]
I recently installed Engarde Secure Linux, version 3.0.18.i868, on an HP Pavilion 523n desktop PC. Has an AMD Athlon 2200+ processor. Nothing else is installed on the machine. Can't get NAT working.
I think NAT is working fine -- the problem appears to be that you haven't configured your firewall rules to allow DNS.
From the log:

Feb 17 11:28:08 fw2ext:REJECT:IN= OUT=eth0 SRC=72.90.81.14 DST=68.237.161.12 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=5339 DF PROTO=UDP SPT=32768 DPT=53 LEN=50
Feb 17 11:28:10 int2fw:REJECT:IN=eth1 OUT= SRC=192.168.1.45 DST=192.168.1.1 LEN=59 TOS=0x00 PREC=0x00 TTL=128 ID=24304 PROTO=UDP SPT=1212 DPT=53 LEN=39
The machine came with a NIC built in and I installed an additional card to use as the external connection. Engarde sees both cards and configures them properly. The overall install is flawless, no problems, but again, no NAT. I'm using static IPs internally and externally. Engarde comes with version 3.2 of Shorewall. I downloaded your document 'Basic Two-Interface Firewall' and made a few changes to Engarde's setup. Namely, in /etc/shorewall/interfaces I replaced the 'detect' with the actual IP addresses, in /etc/shorewall/masq I added the external IP address to the 3rd column and in /etc/shorewall/shorewall.conf I set ADD_SNAT_ALIASES=Yes.
It appears that you are running a DNS server on your firewall yet you haven't enabled DNS from the local net (int zone) to the firewall or from the firewall to the internet (ext zone).
Made no difference. In /etc/shorewall/shorewall.conf I then set CLAMPMSS=Yes. Again, no difference. My external connection consists of a Verizon Fios fiber optic line. I'm not sure of the connectivity issue; that's why I tried the CLAMPMSS. My previous connection was a DSL line and that was PPPoE. This new line comes into a box and is converted to a standard RJ45 jack.
-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
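The diagnosis in the reply above can be reproduced mechanically from the two quoted log lines. The following is an added example, not part of the original message or of Shorewall itself: it reads the chain prefix as `<source zone>2<dest zone>` (assuming zone names contain no digit 2) and prints each denied flow in the ACTION SOURCE DEST PROTO DEST-PORT column order of /etc/shorewall/rules. The function names are hypothetical.

```python
import re
from collections import Counter

# The two log lines quoted in the reply above.
LOG = """\
Feb 17 11:28:08 fw2ext:REJECT:IN= OUT=eth0 SRC=72.90.81.14 DST=68.237.161.12 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=5339 DF PROTO=UDP SPT=32768 DPT=53 LEN=50
Feb 17 11:28:10 int2fw:REJECT:IN=eth1 OUT= SRC=192.168.1.45 DST=192.168.1.1 LEN=59 TOS=0x00 PREC=0x00 TTL=128 ID=24304 PROTO=UDP SPT=1212 DPT=53 LEN=39
"""

# Chain name "<src zone>2<dst zone>" followed by the disposition.
# Assumption: zone names themselves contain no "2".
PREFIX = re.compile(r"\b(?P<src>[A-Za-z]\w*?)2(?P<dst>[A-Za-z]\w*):(?P<disp>REJECT|DROP):")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Return zone pair, disposition and packet fields for one log line, or None."""
    m = PREFIX.search(line)
    if m is None:
        return None
    fields = {}
    for key, value in FIELD.findall(line[m.end():]):
        fields.setdefault(key, value)  # LEN appears twice; keep the IP-level one
    return {**m.groupdict(), **fields}

def denied_flows(log_text):
    """Count denied packets per (source zone, dest zone, protocol, dest port)."""
    flows = Counter()
    for line in log_text.splitlines():
        ev = parse(line)
        if ev and "DPT" in ev:  # skips ICMP and other port-less packets
            flows[(ev["src"], ev["dst"], ev["PROTO"].lower(), int(ev["DPT"]))] += 1
    return flows

def candidate_rules(log_text):
    """Format each denied flow as a rules-file line, to be reviewed before use."""
    return [f"ACCEPT  {s}  {d}  {p}  {port}" for (s, d, p, port) in denied_flows(log_text)]

if __name__ == "__main__":
    for rule in candidate_rules(LOG):
        print(rule)
```

Both lines it prints are UDP port 53, matching the two zone pairs named in the reply (int to firewall, firewall to ext).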
