Simon Gomizelj wrote:
> However when I try to ping anything, say google.com, I get rejected and lines
> like this in my log:
>
>> Shorewall:loc2fw:REJECT:IN=ath0 OUT= MAC=..... SRC=10.0.0.2 DST=10.0.0.1 ....

See Shorewall FAQ 17 -- it tells you how to interpret these messages. Note the "DST=10.0.0.1". That means that the DESTINATION IP ADDRESS IS 10.0.0.1. That is NOT an IP address used by google.com. That is an IP address reserved by RFC 1918 and is likely an IP address used by your firewall. So either DNS name resolution is completely broken or you have some sort of unwise DNAT rule.

>
> So something is misconfigured because it's looking in $FW for google. When I
> change the policy line from:
>
>> loc $FW REJECT info
> to
>> loc $FW ACCEPT
>
> Suddenly the machine can get google's ip, but it still can't ping it.

What does 'can get google's IP' mean? I guess it means that DNS resolution from the source host now works? So does that change the log messages when you try to ping?

> I don't
> know what files would be important to post here, or what would be helpful,

To post on this list, you must subscribe to the list. When you subscribed, you received a welcome post that instructed you to read http://www.shorewall.net/support.htm before posting. I'm guessing that you didn't do that.

http://www.shorewall.net/support.htm asks that for connection problems, you post the output of "shorewall dump" collected in a particular way and accompanied by certain information that is useful in diagnosing your problem.
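The reading of the log line described in the reply above, as an added example that is not part of the original post or of Shorewall itself: it splits the `Shorewall:<chain>:<disposition>:` prefix and the packet fields, then checks whether `DST` falls in an RFC 1918 range. The function names and the sample line are constructed for illustration, and the `<source>2<destination>` chain naming is assumed from the `loc2fw` chain shown in the thread.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also match
# loopback, link-local and documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Prefix shape taken from the quoted log line: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; a value may be empty (OUT=)


def is_rfc1918(addr):
    """True only for a literal IP address inside one of the RFC 1918 ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def parse_line(line):
    """Split one log line into chain, zones, disposition and packet fields."""
    m = PREFIX.search(line)
    if m is None:
        return None
    # Assumption: chain names follow the <source zone>2<destination zone> form of "loc2fw".
    src_zone, sep, dst_zone = m.group("chain").partition("2")
    return {
        "chain": m.group("chain"),
        "zones": (src_zone, dst_zone) if sep else None,
        "disposition": m.group("disp"),
        "fields": dict(FIELD.findall(line[m.end():])),
    }


def describe(line):
    """One-line summary: what was done, in which chain, and what kind of DST it was."""
    rec = parse_line(line)
    if rec is None:
        return "not a Shorewall log line"
    dst = rec["fields"].get("DST", "")
    kind = "RFC 1918 private address" if is_rfc1918(dst) else "not an RFC 1918 address"
    return f'{rec["disposition"]} in chain {rec["chain"]}: {rec["fields"].get("SRC")} -> {dst} ({kind})'


# Constructed sample in the shape of the quoted line; timestamp, host, MAC, LEN, TTL are made up.
SAMPLE = ("Oct  1 12:00:00 fw kernel: Shorewall:loc2fw:REJECT:IN=ath0 OUT= "
          "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.2 DST=10.0.0.1 LEN=60 TTL=64")

if __name__ == "__main__":
    print(describe(SAMPLE))
```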
