Tom Eastep wrote: > Mark Allison wrote: >> Hi there, >> >> I have moving from a two-interface set-up to a three-interface set-up >> where the third interface will be a DMZ. My shorewall is version >> 4.0.15 on Debian Lenny and has the following interfaces: >> >> eth0 loc 10.0.0.3 >> eth1 net dhcp >> eth2 dmz 10.0.10.3 >> >> I'm trying to ping from a machine on the local network 10.0.0.6 to >> 10.0.10.1 and I get destination unreachable. >> I'm trying to ping from a machine on the DMZ network 10.0.10.1 to >> 10.0.10.3 and I get destination unreachable. >> >> Could someone please help me find out what's wrong with my setup? I've >> attached a shorewall dump. Is there anything else you need to help me >> troubleshoot? > > Before we start looking at the Shorewall configuration, does this local > traffic all pass perfectly if you temporarily 'shorewall clear'? (be > sure to 'shorewall start' after testing). > > From a quick look at the dump, I suspect that your problem has nothing > to do with Shorewall.
Okay -- I took a closer look and it appears that you haven't defined either eth2 or the dmz to Shorewall at all! I notice that you are running Debian and Debian users can't seem to resist using /etc/init.d/shorewall to restart Shorewall. This is really too bad because the Debian init script is totally silent when restart fails. I suspect that you are getting a syntax error during compilation which will be immediately obvious when you use 'shorewall restart' rather than the init script. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
