On 12/27/10 9:36 AM, Tom Eastep wrote:
> On 12/27/10 8:06 AM, [email protected] wrote:
>> From: Tom Eastep <[email protected]>
>> Date: Sun, 26 Dec 2010 20:17:39 -0800
>>> 'shorewall show zones'
>>
>> joule:/etc/shorewall# shorewall show zones
>> Shorewall 4.4.11.6 Zones at joule - Mon Dec 27 08:20:36 PST 2010
>>
>> fw (firewall)
>> net (ipv4)
>> MainBoard:0.0.0.0/0
>> loc (ipv4)
>> Loc+:0.0.0.0/0
>> vpn (ipv4)
>> tun0:0.0.0.0/0
>
> Peter,
>
> The log message you posted is:
>
> Dec 26 18:32:48 joule kernel: [10586.307679]
> Shorewall:FORWARD:REJECT:IN=LocACS29H901847 OUT=LocPCI1 SRC=172.23.5.2
> DST=172.23.4.2 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=5498 PROTO=TCP
> SPT=1120 DPT=21 WINDOW=8192 RES=0x00 SYN URGP=0
>
> The input interface is LocACS29H901847 and the output interface is
> LocPCI1 (You did read Shorewall FAQ 17, right?). Do you see either of
> those interfaces in the output of 'shorewall show zones'?
>
> Hint: *All* interfaces on the firewall that have an IPv4 address *must*
> be defined in /etc/shorewall/interfaces and *must* be associated with a
> zone, either in /etc/shorewall/interfaces or in /etc/shorewall/hosts.

Duh -- My sincere apologies. I missed the LOC+.

What I suspect is that you need the 'routeback' OPTION in the
/etc/shorewall/interfaces entry for LOC+.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
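
The check walked through in the message above, as an added example that is not part of the original thread or of Shorewall itself: it reads the IN and OUT interfaces from the log line, maps them to the entries listed by 'shorewall show zones' (a trailing '+' is a wildcard), and flags the case where a forwarded packet enters and leaves through the same entry. The function names and result labels are hypothetical; the sample input is constructed from the text quoted in the thread.

```python
import re

# Constructed sample input: the log line and zone listing quoted in the thread.
LOG_LINE = ("Dec 26 18:32:48 joule kernel: [10586.307679] "
            "Shorewall:FORWARD:REJECT:IN=LocACS29H901847 OUT=LocPCI1 "
            "SRC=172.23.5.2 DST=172.23.4.2 LEN=44 TOS=0x00 PREC=0x00 TTL=31 "
            "ID=5498 PROTO=TCP SPT=1120 DPT=21 WINDOW=8192 RES=0x00 SYN URGP=0")
ZONES_OUTPUT = ("fw (firewall)\nnet (ipv4)\nMainBoard:0.0.0.0/0\nloc (ipv4)\n"
                "Loc+:0.0.0.0/0\nvpn (ipv4)\ntun0:0.0.0.0/0\n")

def parse_log(line):
    """Return (chain, disposition, in_iface, out_iface) from a Shorewall log line."""
    m = re.search(r"Shorewall:([^:\s]+):([^:\s]+):IN=(\S*) OUT=(\S*)", line)
    if not m:
        raise ValueError("not a Shorewall log message")
    return m.groups()

def parse_zones(text):
    """Return [(zone, interface_pattern), ...] from 'shorewall show zones' output."""
    entries, zone = [], None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"(\S+) \((\w+)\)", line)
        member = re.fullmatch(r"([^:\s]+):(\S+)", line)
        if header:
            zone = header.group(1)
        elif member and zone:
            entries.append((zone, member.group(1)))
    return entries

def matches(pattern, iface):
    """A trailing '+' is a wildcard: 'Loc+' covers every name starting with 'Loc'."""
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def diagnose(log_line, zones_text):
    """Classify a logged packet; the result labels are hypothetical names."""
    chain, _disposition, in_if, out_if = parse_log(log_line)
    entries = parse_zones(zones_text)
    def find(iface):
        return next(((z, p) for z, p in entries if matches(p, iface)), None)
    src, dst = find(in_if), find(out_if)
    missing = [i for i, e in ((in_if, src), (out_if, dst)) if e is None]
    if missing:
        return ("no-zone", missing)        # interface not tied to any zone
    if chain == "FORWARD" and src == dst:
        return ("same-entry", [src[1]])    # forwarded within one entry: check 'routeback'
    return ("check-policy", [src[0], dst[0]])
```

For the thread's input, `diagnose(LOG_LINE, ZONES_OUTPUT)` reports that both interfaces fall under the single `Loc+` entry, which is the situation the reply points to.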
