On 7/9/10 9:22 PM, Mark D. Montgomery II wrote:
> At this point I'm rather certain my issue is not specific to shorewall,
> but likely something lower level that I have configured wrong.
> The box is running Proxmox (Debian Lenny basically) as the base.
> eth0 is the outside interface connected to the ISP.
> eth1 is the lan/bridge physical interface used to connect everything to
> the box (internal virtual machines and outside physical machines).
> vmbr0 is the bridge interface using eth1 that actually has the IP address.
> The box is running bind/dhcpd/etc. as usual.
>
> Machines (physical and virtual) get IP addresses, etc. just fine.
>
> The router can connect to the internet just fine.
> Lan machines can ping internet machines just fine.
> Lan machines can connect to each other just fine.
>
> That's where the problems start.
> Lan machines cannot connect to web pages (normal or ssl), ssh out,
> retrieve pop3 mail (the client will authenticate but that's as far as it
> gets), etc.
> Port forwards are not successfully making a full connection.
>
> I know it is most likely something terribly simple, but I can't find it.
> I've been banging my head on it all evening.

Have you enabled ip forwarding (IP_FORWARDING=On in shorewall.conf)?

If so, what is the MTU of eth0? If it is less than 1500 (Comcast has been
known to configure MTU=576 on their consumer DHCP setups), then try
setting CLAMPMSS=Yes in shorewall.conf.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
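
The two checks asked for in the reply above (kernel forwarding state, and outside-interface MTU against CLAMPMSS), as an added shell example that is not part of the original thread. The function names, the output wording and the sample files built in `demo` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. File paths are arguments so the checks
# can run against copies; on the firewall itself they would typically be
# /etc/shorewall/shorewall.conf, /proc/sys/net/ipv4/ip_forward and
# /sys/class/net/eth0/mtu.

# conf_value FILE KEY: lowercased value of the last uncommented KEY= line
conf_value() {
    sed -n "s/^[[:space:]]*$2=\([^#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1 | tr -d "\"'" | tr '[:upper:]' '[:lower:]'
}

# diagnose CONF IP_FORWARD_FILE MTU_FILE: prints one finding per check
diagnose() {
    fwd_conf=$(conf_value "$1" IP_FORWARDING)
    clamp=$(conf_value "$1" CLAMPMSS)
    fwd_live=$(cat "$2")
    mtu=$(cat "$3")

    if [ "$fwd_live" = "1" ]; then
        echo "forwarding: kernel forwarding is on"
    else
        echo "forwarding: kernel forwarding is off, IP_FORWARDING=${fwd_conf:-unset}"
    fi

    if [ "$mtu" -ge 1500 ]; then
        echo "mtu: $mtu, clamping not indicated"
    elif [ -z "$clamp" ] || [ "$clamp" = "no" ]; then
        # IPv4 + TCP headers without options take 40 bytes of the MTU
        echo "mtu: $mtu (MSS $((mtu - 40))), try CLAMPMSS=Yes"
    else
        echo "mtu: $mtu, CLAMPMSS=$clamp already set"
    fi
}

# demo: constructed sample of a box with both problems the reply asks about
demo() {
    d=$(mktemp -d)
    printf 'IP_FORWARDING=Off\nCLAMPMSS=No   # default\n' > "$d/shorewall.conf"
    echo 0 > "$d/ip_forward"
    echo 576 > "$d/mtu"
    diagnose "$d/shorewall.conf" "$d/ip_forward" "$d/mtu"
    rm -rf "$d"
}

demo
```

A small MTU with no clamping matches the symptom in the original message: pings and the start of a TCP session fit in small packets, while full-size segments from the far end never arrive.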
