Wed, 3 Apr 2002 14:26:06 -0800 (Pacific Standard Time)
On Thu, 4 Apr 2002, Andy.Geraerts@pi.be wrote:
> Hello All!
> My situation :
> Firewall : 3 nics, LOC, DMZ, NET
> LOC has ip 192.168.7.254
> In the LOC network there is a WAN router 192.168.7.253 which connects to
> network 192.168.1.x
> The clients have the firewall as default gateway.
> I get these errors when I try to access a host in 192.168.1.x from
> 192.168.7.x :
> Apr 4 00:03:37 ANTHEROS kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth0
> SRC=192.168.7.2 DST=192.168.1.2 LEN=44 TOS=0x00 PREC=0x00
> TTL=127 ID=33004 DF PROTO=TCP SPT=1190 DPT=1352 WINDOW=8192
> RES=0x00 SYN URGP=0
> I have no idea where I can enable this? Why are these packets blocked?
The firewall is doing exactly what you are telling it to do -- see your
policies below. What happens to loc->loc connection requests? -- they fall
through to the all->all policy.
> Here are my configs :
> #CLIENT SERVER POLICY LOG LEVEL
> loc fw ACCEPT
> fw loc ACCEPT
> fw net ACCEPT
> loc net ACCEPT
> net all DROP info
> all all REJECT info
I personally would add
loc loc ACCEPT
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ email@example.com
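
The fall-through described in the reply above, as an added example that is not part of the original thread and is not Shorewall's own code. It assumes a simplified model in which the first policy line matching (client zone, server zone) wins and `all` is a wildcard, and it assumes eth0 maps to zone loc; the helper names are hypothetical.

```python
import re

# Policy lines from the post (columns: CLIENT SERVER POLICY [LOG LEVEL]).
POLICY = """\
loc fw ACCEPT
fw loc ACCEPT
fw net ACCEPT
loc net ACCEPT
net all DROP info
all all REJECT info
"""

# Assumption: eth0 is the loc interface (the rejected packet came from 192.168.7.2).
IFACE_ZONE = {"eth0": "loc"}

# Log line from the post, trimmed to the fields used here.
LOG = ("Shorewall:all2all:REJECT:IN=eth0 OUT=eth0 SRC=192.168.7.2 "
       "DST=192.168.1.2 PROTO=TCP SPT=1190 DPT=1352")

def parse_policy(text):
    """Return (client, server, policy) tuples in file order, skipping comments."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            rules.append((fields[0], fields[1], fields[2]))
    return rules

def lookup(rules, src, dst):
    """First matching policy wins; returns (chain name, policy)."""
    for client, server, action in rules:
        if client in (src, "all") and server in (dst, "all"):
            return f"{client}2{server}", action
    return None, None

def zones_from_log(line):
    """Map the IN= and OUT= interfaces of a log line to zones."""
    m = re.search(r"IN=(\S*) OUT=(\S*)", line)
    return IFACE_ZONE[m.group(1)], IFACE_ZONE[m.group(2)]

def demo():
    src, dst = zones_from_log(LOG)  # ("loc", "loc"): the router sits on the same interface
    before = lookup(parse_policy(POLICY), src, dst)
    fixed = lookup(parse_policy("loc loc ACCEPT\n" + POLICY), src, dst)
    # Under first-match, a loc->loc line placed after all->all is never reached.
    appended = lookup(parse_policy(POLICY + "loc loc ACCEPT\n"), src, dst)
    return before, fixed, appended

if __name__ == "__main__":
    print(demo())
```

The chain name computed for the unmodified policy matches the `all2all` prefix in the poster's log line.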