On 8/22/2013 9:32 AM, Angela Williams wrote: > Hi! > Been away from the list for a short while. > > I have just got Shorewall 4.5.15 up and running at a customer with two > ISP's. One is a leased line and the other is an ADSL line. > > It almost works as planned but not quite! First of all the ADSL line > proved to be very flaky! Up and down many times in a day! Not to much of > an issue really as I just did > ip link set eno3 down > and that solved that problem for a bit! > > All inbound traffic to smtp, ssh, rdp, http etc work as they should. The > rdp is DNAT'd to the customers Baan server. All outbound traffic from > the FW zone works as expected. > > Problem comes from internal users! All of them! I use normal MASQ type > SNAT to masquerade all users out! Most of them it's normal web browsing > and a few make the standard Windows vpn connection to their only > customer. All users also access their That is were it starts to come > unglued. All users get times when they cannot access pop3 or imap on the > FW server, At times they cannot access any internet. Also at times only > one user can make a vpn connection. Just had the Windows support guy on > the phone. He was Team Viewer'd into the CFO notebook and that worked > fine. He could not ping any ip address on the internet but from a > Windows server he could. I restarted shorewall and after a short time he > could ping an external ip address and mail - imap - worked again! > > I've looked through my shorewall config and nothing really jumps out at me! > I have attached at shorewall dump in gzip format! I've looked at it and > again nothing looks wrong to my poor old untrained eyes! >
With ino3 down, you must disable that interface in Shorewall. It it is currently enabled, so any traffic that attempts to go out of that interface will fail. Be sure that eno3 has the 'optional' option in /etc/shorewall/interfaces. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
