-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/31/2009 02:07 PM, Surge wrote: > He's the short I have a Dns Server running on my firewall box, as you > can see below I'm allowing all my clients on the local subnet to > reach the $fw box to resolve the DNS but the firewall thinks it's NET > traffic not LOC traffic. Any suggestions. > > Running Suse 11 with Shorewall 4.2 w/perl. Tried 4.4 and the same > issue, HELP!!!!! > > ----------------Firewall Log ---------------- > > Aug 31 16:51:24 fw22 kernel: Shorewall:net2fw:DROP:IN=eth5 OUT= > MAC=00:0c:29:74:9c:0c:08:00:20:b2:5f:db:08:00 SRC=10.1.50.14 > DST=10.1.50.7 LEN=57 TOS=0x00 PREC=0x00 TTL=255 ID=32302 DF PROTO=UDP > SPT=53289 DPT=53 LEN=37
That traffic is entering your firewall on eth5 which isn't even mentioned in your interfaces file. Do you have the local network bridged to an unused firewall interface? - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkqcPeoACgkQO/MAbZfjDLIbwwCfcBXCWeBmhmc5brInXpIaQq1h B2MAnRhyz3wmiVLPUg+Oa7Z5pMPHsdoE =s4HK -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
