On 03/17/2011 07:10 PM, Tom Eastep wrote:
> On 3/17/11 4:38 PM, Jay Ridgley wrote:
>
>>
>> OLD runs Ubuntu 8.04 LTS and NEW runs Ubuntu 10.04.2 LTS Shorewall
>> versions are 4.0 and 4.4 respectively.
>>
>> Both systems have three interfaces(net, local and wireless).
>>
>> Here is what is happening I can ping -c3 yahoo.com no problem.
>
> From where? Firewall? System inside the firewall? System in your
> neighbor's garage?

I am sorry, the problem manifests itself on my laptop which has a
wireless connection to my local network. It is from within home (my
chair in the living room). The remainder of my systems are all wired.
Those systems do not appear to be affected, only the laptop.

>
>> I can ping inside my local net no problem. I have an IP address that
>> was assigned via dhclient (it is as expected).
>
> *You* do not have an IP address. Some computer that you are using has an
> IP address. Again, inside the firewall?

I was referring to my laptop once again. The IP address is the one
obtained through the negotiation with the access point from the
firewall system. Yes, it is inside the firewall.

>
>> I bring up my browser and it fails to properly load.
>
> The binary fails to run or your home page cannot be loaded.

The home page stops loading. The binary is still running. It
eventually displays an error screen that states it could not connect
to the site.

>
>> My routes look OK and my IP address is still there. I can no longer
>> ping my firewall.
>
> You could ping the firewall before you started your browser?
>

Yes, I am able to ping the firewall before I start the browser. In
fact, I am able to obtain an SSH connection to the firewall.

>>
>> I have checked my configuration files /etc/dhcp3/dhcpd.conf
>> /etc/dhcp3/dhclient.conf and /etc/interfaces are the same (I used
>> diff on them). I am going to do the same for each of the
>> configuration files in Shorewall before I send this. There were only
>> the differences that were expected.
>
> Did you go through the 4.0->4.4 migration document
> (http://www.shorewall.net/LennyToSqueeze.html) and assess each potential
> problem against your configuration?

Yes, I did make some corrections based upon that review, however,
there were only two or three of them.

>
>>
>> PLEASE take a peek at it and let me know if you see anything amiss.
>>
>> If you need anything else please let me know.
>>
>
> There seem to be lots of connections passing through the Shorewall box?
> Is this problem limited to you (your personal system) or are all users
> on the LAN or wireless networks affected?

Is the number of these connections abnormal? My wireless connection
should only be coming from my 192.168.139.32/28 subnet; the allowed
hosts are within the 192.168.139.35 through 192.168.139.39 range. I am
including the entry from /etc/dhcp3/dhcpd.conf for both the wireless
and wired subnets below:

# DHCP subnet a wireless Access Point for eth2
subnet 192.168.139.32 netmask 255.255.255.240 {
    range 192.168.139.35 192.168.139.39;
    option routers 192.168.139.34;
    option subnet-mask 255.255.255.240;
    option broadcast-address 192.168.139.47;
    option domain-name-servers 24.93.41.127, 24.93.41.128;
    option ip-forwarding off;
    default-lease-time 21600;
    max-lease-time 43200;
}

# Include a static ip address for the Access Point (per vendor)
host bear_den {
    hardware ethernet 00:11:50:45:7A:42;
    fixed-address 192.168.139.33;
}

All other connections are wired and within the range 192.168.139.0/28

subnet 192.168.139.0 netmask 255.255.255.240 {
    option routers 192.168.139.2;
    option subnet-mask 255.255.255.240;
    option domain-name-servers 24.93.41.127, 24.93.41.128;
    option ip-forwarding off;
}

These are the same on both the OLD and NEW systems.

My firewall system is utilized by all systems within my home. Normally
there are a total of four actual systems (including my laptop) in
addition to a network drive and an access point. They are all normally
up 7x24. Other than the laptop all are wired; except for the access
point, of course, which provides wireless connections.

My personal laptop is currently the only wireless enabled system on my
network and it is the only one that is having the problem. It works
just fine using the OLD system...

>
> -Tom
>

Tom,

Thank you very much. I apologize for leaving out the details.
I eventually want to be able to provide wireless connections for my
son and my three grandchildren when they visit and bring their own
computers with them.

Regards,

Jay

--
Jay Ridgley [email protected]
Registered Linux User ID - 9115
Registered Ubuntu User ID - 23320
