Thomas Mørch wrote: > > > 2009/3/20 Tom Eastep <[email protected] <mailto:[email protected]>> > > Thomas Mørch wrote: > > I just did an hw upgrade on my FW (new cpu, mb etc.) but without > > reinstall of my debian system. > > > > but after my upgrade I can't get access to the internet through > the fw. > > > > 1. I can ping the FW from loc, > > 2. I can ping net from FW > > 3. I can't ping loc from FW? (ICMP host unreachable) > > 4. I can access the apache server running on FW from both loc and net > > Can you do any of these things if you disable Shorewall (shorewall > clear)? > > > I tried to ping a host on loc, without shorewall loaded (shorewall > clear), and it worked fine. > After I started shorewall I get : "From 192.168.2.12 icmp_seq=1 > Destination Port Unreachable" > 192.168.2.12 is the firewalls loc ip address. I tried to ping > 192.168.2.20 on my loc net.
192.168.2.20 is not in the loc zone. It is in the stat zone and you have not enabled ping from fw->stat. > > > > The only Shorewall-related issue I see in the dump is that you don't > have IP_FORWARDING=Yes in shorewall.conf but that doesn't explain most > of your problems. Sounds like you have a more basic IP configuration > problem. > > > Hmm.. I'll try to change the IP_FORWARDING from KEEP to On tomorrow, > could the default value of /proc/sys/net/ipv4/ip_forward have been > changed by a kernel recompilation? (recompiled the kernel for the new > hardware setup, but everything else is left as the old PC..) > Lenny has apparently made a mess of /proc/sys/net/ipv4/ip_forward -- there are a number of reports of problems in that area. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
