On 12/27/10 8:06 AM, [email protected] wrote:
> From: Tom Eastep <[email protected]>
> Date: Sun, 26 Dec 2010 20:17:39 -0800
>> 'shorewall show zones'
>
> joule:/etc/shorewall# shorewall show zones
> Shorewall 4.4.11.6 Zones at joule - Mon Dec 27 08:20:36 PST 2010
>
> fw (firewall)
> net (ipv4)
> MainBoard:0.0.0.0/0
> loc (ipv4)
> Loc+:0.0.0.0/0
> vpn (ipv4)
> tun0:0.0.0.0/0

Peter,

The log message you posted is:

Dec 26 18:32:48 joule kernel: [10586.307679] Shorewall:FORWARD:REJECT:IN=LocACS29H901847 OUT=LocPCI1 SRC=172.23.5.2 DST=172.23.4.2 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=5498 PROTO=TCP SPT=1120 DPT=21 WINDOW=8192 RES=0x00 SYN URGP=0

The input interface is LocACS29H901847 and the output interface is LocPCI1 (You did read Shorewall FAQ 17, right?). Do you see either of those interfaces in the output of 'shorewall show zones'?

Hint: *All* interfaces on the firewall that have an IPv4 address *must* be defined in /etc/shorewall/interfaces and *must* be associated with a zone, either in /etc/shorewall/interfaces or in /etc/shorewall/hosts.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
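
Added example, not part of the original message and not Shorewall's own code: a small Python helper that automates the check described in the reply, taking the IN= and OUT= interfaces from a Shorewall log line and looking them up in 'shorewall show zones' output. The sample log line, the sample zones output, and all function names are constructed for illustration; an interface entry ending in '+' is treated as a prefix wildcard.

```python
import re

# Constructed sample data (not taken from the thread).
SAMPLE_ZONES = """\
Shorewall 4.4.11.6 Zones at gw - Mon Jan  3 10:00:00 PST 2011

fw (firewall)
net (ipv4)
   eth0:0.0.0.0/0
loc (ipv4)
   br+:0.0.0.0/0
vpn (ipv4)
   tun0:0.0.0.0/0
"""
SAMPLE_LOG = ("Jan  3 10:01:12 gw kernel: [  512.100000] "
              "Shorewall:FORWARD:REJECT:IN=br0 OUT=eth2 SRC=192.0.2.10 "
              "DST=198.51.100.7 LEN=44 PROTO=TCP SPT=1120 DPT=21")

def parse_zones(text):
    """Return {zone: [interface patterns]} from 'shorewall show zones' output."""
    zones, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(\S+) \((\w+)\)\s*$", line)   # e.g. "loc (ipv4)"
        member = re.match(r"^\s*([^:\s]+):\S", line)       # e.g. "eth0:0.0.0.0/0"
        if header:
            current = header.group(1)
            zones[current] = []
        elif member and current:
            zones[current].append(member.group(1))
    return zones

def log_interfaces(line):
    """Return (IN, OUT) from a log line; OUT is empty for traffic to the firewall."""
    fields = dict(re.findall(r"\b(IN|OUT)=(\S*)", line))
    return fields.get("IN", ""), fields.get("OUT", "")

def zones_for(iface, zones):
    """Zones whose interface list covers iface (trailing '+' = prefix wildcard)."""
    return [zone for zone, patterns in zones.items()
            if any(p == iface or (p.endswith("+") and iface.startswith(p[:-1]))
                   for p in patterns)]

def check(log_line, zones_text):
    """Map each interface named in the log line to the zones that contain it."""
    zones = parse_zones(zones_text)
    return {i: zones_for(i, zones) for i in log_interfaces(log_line) if i}

if __name__ == "__main__":
    for iface, found in check(SAMPLE_LOG, SAMPLE_ZONES).items():
        print(iface, "->", ", ".join(found) if found else "NOT IN ANY ZONE")
```

An interface that maps to no zone is one that still has to be defined in /etc/shorewall/interfaces and associated with a zone.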
