Yay! First answer on the list, first issue fixed :-)
It's a kernel setting, Linux doesn't permit by default.
Adam.
Le 16 mars 2017 17:52:29 GMT+01:00, Ryan Joiner <[email protected]> a écrit :
>On 3/16/2017 2:09 AM, Adam Cécile wrote:
>> Hey,
>>
>> Can you make sure you have set IP_FORWARDING=Yes in shorewall.conf ?
>>
>> Adam
>>
>> On March 16, 2017 6:23:22 AM GMT+01:00, Ryan Joiner
><[email protected]>
>> wrote:
>>
>> On 3/15/2017 10:02 PM, Simon Matter wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> On 03/15/2017 06:28 PM, Ryan Joiner wrote:
>>
>> Ahh, I do see that and that would definitely be a
>problem.
>>
>> What's odd though is I copied and pasted it from the
>> sample file
>> and I'm pretty sure it was not incorrect. Maybe that
>is the
>> problem.
>>
>> I just left the office and will check this out first
>> thing in the
>> morning. Maybe it's an issue with the CentOS RPM or
>I'm
>> just a
>> moron. The latter has a higher probability. :0
>>
>>
>>
>> Unfortunately, there is a typo in the two-interface snat
>> sample -- the
>> three-interface file is correct.
>>
>>
>> Sorry, I remember how the typo came in but didn't report it
>:(
>>
>> Regards,
>> Simon
>>
>>
>>
>>
>> Oh ok. So, full disclosure on both this CentOS6 machine and the
>CentOS
>> 7 one I had done a few days ago, I did manually type in:
>>
>> MASQUERADE 192.168.0.0/16 <http://192.168.0.0/16> eth0
>>
>> and it still didn't work. That is when I went to go try the
>sample file
>> just in case I was completely blind and not seeing what I was
>doing wrong.
>>
>> Either way I will make the correction, and then report back and
>provide
>> a dump.
>>
>> Thanks everyone!
>>
>> Cheers,
>> Ryan
>>
>>
>------------------------------------------------------------------------
>>
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org <http://Slashdot.org>!
>http://sdm.link/slashdot
>>
>------------------------------------------------------------------------
>>
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>>
>> --
>> Envoyé de mon téléphone Android avec K-9 Mail. Excusez la brièveté.
>
>
>Adam,
>
>That setting was it! The IP_FORWARDING was set to Keep rather than ON.
>
>Does anyone know when that became a requirement to set? And why that
>changed? Just curious.
>
>I apologize for not paying attention as I'm sure that was announced
>somewhere.
>
>Thanks to all!
>Ryan
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
