2009/3/20 Tom Eastep <[email protected]>
> Thomas Mørch wrote:
> > I just did an hw upgrade on my FW (new cpu, mb etc.) but without
> > reinstall of my debian system.
> >
> > but after my upgrade I can't get access to the internet through the fw.
> >
> > 1. I can ping the FW from loc,
> > 2. I can ping net from FW
> > 3. I can't ping loc from FW? (ICMP host unreachable)
> > 4. I can access the apache server running on FW from both loc and net
>
> Can you do any of these things if you disable Shorewall (shorewall clear)?
>
I tried to ping a host on loc, without shorewall loaded (shorewall clear),
and it worked fine.
After I started shorewall I get : "From 192.168.2.12 icmp_seq=1 Destination
Port Unreachable"
192.168.2.12 is the firewalls loc ip address. I tried to ping 192.168.2.20
on my loc net.
>
> The only Shorewall-related issue I see in the dump is that you don't
> have IP_FORWARDING=Yes in shorewall.conf but that doesn't explain most
> of your problems. Sounds like you have a more basic IP configuration
> problem.
>
Hmm.. I'll try to change the IP_FORWARDING from KEEP to On tomorrow, could
the default value of /proc/sys/net/ipv4/ip_forward have been changed by a
kernel recompilation? (recompiled the kernel for the new hardware setup, but
everything else is left as the old PC..)
/ Thomas
------------------------------------------------------------------------------
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
