[Shorewall-users] masq - pings and connections get dropped after PREROUTING?

Paul Stephenson pstephenson at ntlworld.com
Mon Sep 27 14:41:47 PDT 2004


On Mon, Sep 27, 2004 at 02:29:00PM -0700, Tom Eastep wrote:
> Tom Eastep wrote:
> | Paul Stephenson wrote:
> | | Hello,
> | |
> | | I have a pretty standard two-interface setup with masquerading, so the
> | local
> | | network can connect through the firewall to the Internet.
> | |
> | | Now, commands like 'ping 216.239.39.99' (that's google.com) from brian
> | have
> | | 100% packet loss.  Connections using a web browser (for example) also
> | time
> | | out.
> | |
> |
> | After a "shorewall clear", can brian and trevor communicate ok?
> |
> 
> I notice that you have IP_FORWARDING=Keep in your shorewall.conf file so
> unless something external to Shorewall is turning it on, then you have
> forwarding disabled on your firewall. If 'cat
> /proc/sys/net/ipv4/ip_forward' returns '0' then set IP_FORWARDING=On and
> restart Shorewall.

ip_forward seems to be on already:

trevor:/# cat /proc/sys/net/ipv4/ip_forward 
1

I'll maybe try fiddling with some of these settings tomorrow to see if I can
make more sense of what's going on.

Thanks for all your help,
Paul


More information about the Shorewall-users mailing list