[Shorewall-users] local network blocking
teastep at shorewall.net
Thu Oct 16 15:35:05 PDT 2003
On Thu, 2003-10-16 at 13:49, Norbert Crettol wrote:
> Ok, I've tested to "shorewall clear" and it still didn't work. So,
> I've a network config problem. My forwarding is not setup properly.
> I've lost a lot of time tweaking shorewall... I know now where to
> search. Than you.
These are pretty obvious but maybe one will help:
1) All hosts in the 'local' zone should have their default gateway set
2) All hosts in the 22.214.171.124/24 subnet (including 126.96.36.199)
need to have a route to 188.8.131.52/24 via 184.108.40.206.
Alternatively, 220.127.116.11 has such a route and return ICMP redirects
to hosts trying to reach 18.104.22.168/24. There ICMP packets redirect
the client to 22.214.171.124.
3) On your Shorewall box, verify that /proc/sys/net/ipv4/ip_forward
contains 1. Usually, "shorewall clear" will set it that way and
IP_FORWARDING=On sets it that way when Shorewall is started.
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
More information about the Shorewall-users