[Shorewall-newbies] Masq not working.

Tom Eastep teastep at shorewall.net
Thu Jan 15 13:01:28 PST 2004


On Thursday 15 January 2004 12:54 pm, Harding, Tyson wrote:
> I have just installed shorewall 1.4.9, and setup everything according to
> the two-interface documentation. The firewall is working, and I am able to
> block, and open the ports that I want. The only part that is not working is
> the Masq.
>
> I have a cable modem with a dynamic IP address. From the firewall I can get
> out to the internet, and can connect to the computers on my loc network.
> The computers on the loc network are able to ping machines on the internet,
> but they cannot connect to them. Using tcpdump on the firewall machine, and
> watching the external interface (eth0) I can see that the requests are
> going out to the web server, but the firewall is not letting them back in.

So you see the replies coming back and then Shorewall is logging and blocking 
them? I doubt that.

Are the requests that you see going out masqueraded (that is, is the source 
address in the packets the same as the IP address of your firewall's external 
interface)?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




More information about the Shorewall-newbies mailing list