On 07/02/2013 09:07 AM, Zenny wrote: > Hi: > > Two shorewall boxes are installed in two different places with latest > stable versions with three interfaces (eth0>>NET, eth1>>LAN and > eth2>>DMZ), and running without any hitches for 3 years with the same > configuration . > > All of a sudden a few days back, the LAN in both places stopped > reaching internet without any warnings. > > §1 Checked disk space and inodes, they are available adequately. So > diskspace is not a problem. > > §2 LAN NIC is active, letting me connect to get the results below with > a crossover cable. So NIC is working fine and also shows that the > routing is fine. > > §3 Checked for rootkits and found clean. > > Any inputs to make LAN reach the internet shall be appreciated. Thanks! > > The network looks like as of below: > > # route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > 192.168.7.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 > 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > 192.168.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2 > 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 > > # shorewall show policies > Shorewall 4.5.17.1 Policies at gw - Tue Jul 2 19:54:47 CEST 2013 > > fw => net ACCEPT using chain fw2net > fw => loc REJECT using chain fw2loc > fw => dmz REJECT using chain fw2dmz > net => fw DROP using chain net2fw > net => loc DROP using chain net2loc > net => dmz ACCEPT using chain net2dmz > loc => fw ACCEPT using chain loc2fw > loc => net ACCEPT using chain loc2net > loc => dmz ACCEPT using chain loc2dmz > dmz => fw ACCEPT using chain dmz2fw > dmz => net ACCEPT using chain dmz2net > dmz => loc REJECT using chain dmz2loc > You have new mail in /var/spool/mail/root > > # shorewall show config > Default CONFIG_PATH is /etc/shorewall:/usr/share/shorewall > Default VARDIR is /var/lib/shorewall > LIBEXEC is /usr/libexec > SBINDIR is /sbin > CONFDIR is /etc
Please forward the output of 'shorewall dump' collected as described at http://www.shorewall.net/support.htm#Guidelines. You can send it to me privately if you like. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
