On 11/13/2015 7:20 AM, effemme wrote: > Il 2015-11-13 01:50 Tom Eastep ha scritto: >> On 11/12/2015 3:09 AM, effemme wrote: >>> Hello Tom, >>> yes it is enabled, either in shorewall.conf and in sysctl.conf. >>> This firewall actually worked without vlan on eth1. >>> >> >> Then we need to see the output of 'shorewall dump, collected as >> described at http://www.shorewall.org/support.htm#Guidelines >> >> -Tom > > Thanks for reply Tom, > attached is gzip of dump. > The connection attempt was from lan host 10.1.1.129 to ping google dns > 8.8.8.8 >
On eth1.89, you are SNATting to the network address (89.96.53.140). -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
