Hello Thomas and Shorewall users,

I'm using shorewall under a gentoo distribution and lately the shorewall
package evolved from revision 4.4.15.1-r1 to revision 4.4.23.2.

I'm using this platform as a one arm router/firewall between 3 zones.
3 IPv4 addresses are associated with the available ethernet port.

The 3 zones are named red, green and blue.
red is the zone between the firewall and my ADSL box.
green is the zone with most access rights to the outside and blue has some
time based restrictions.
Connections from the green and blue zones to the internet are done through
masquerading, as the ADSL box only accepts connections from the gentoo
platform. I want to control access from other computers to the outside by
blocking direct access to the ADSL box. I can only use one physical network
due to the configuration of my home place.

This configuration seems to be working well with shorewall 4.4.15 but as
this revision is subject to the "2011-08-07 Nasty bug" issue described in
http://www.shorewall.net/Notices.html, I wanted to upgrade the shorewall
gentoo package to revision 4.4.23.2 (which is considered stable by the
gentoo team).

After upgrading to this new revision, neither the green nor the blue zone
has access to the outside anymore; all packets are dropped. I suspect that my
configuration has a flaw and was probably working because of this "nasty
bug".
I've already also ensured that "IP_FORWARDING=On" was kept during the
upgrade.

I've attached the output of "shorewall dump" while trying to access
www.google.com from a computer in the green zone after the upgrade.


Thank you for reading me up to this point. Any help will be greatly
appreciated.

Thibault Hild