[Shorewall-users] start error

rioguia at speakeasy.net rioguia at speakeasy.net
Sat Sep 25 14:26:11 PDT 2004


Thank you for your kind help. Your solution (for the incorrect IP addresses
 in my rules) allowed the firewall to load and to route most of my traffic
 correctly. I am having a difficult time resolving how to approach the final
 problems.

To briefly recap my prior posts, I am setting up a firewall with two IP
 addresses using the Shorewall guide for more than one IP address and IP
 aliasing. My primary server in the DMZ gets DNAT / SNAT for
 public IP address 69.17.65.22 to local address 192.168.202.7/32. My
 secondary server in the DMZ and the PCs on the local network get DNAT /
 SNAT for 69.17.65.161 for local addresses 192.168.202.8/32 and
 192.168.0.0/24.

I have two specific problems. First, I have a working mail server that can
 receive email from behind the firewall but cannot deliver mail outside the
 firewall. The mail log (attached) shows that the mail server resolves the
 correct external address but then indicates that the connection "timed out."

Second, none of my dmz or loc computers can use a browser to reach the
 internet (I can browse to the local IP address of the dmz servers,
 however).

I have tried changing the rules and masq to do one-to-one NAT for the server
 and have tried several DNS approaches to solve the problem (making the
 firewall a caching firewall for the local PCs and using my ISP's DNS
 servers for resolution) but I have had no success. Could someone take a look
 at my shorewall status file and give me some pointers?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: shorewallstatus
Type: application/octet-stream
Size: 41664 bytes
Desc: not available
Url : http://lists.shorewall.net/pipermail/shorewall-users/attachments/20040925/de07166c/shorewallstatus-0001.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mailerror
Type: application/octet-stream
Size: 922 bytes
Desc: not available
Url : http://lists.shorewall.net/pipermail/shorewall-users/attachments/20040925/de07166c/mailerror-0001.obj

