I added the masq for my local traffic out of eth0 and that has now allowed me to ping the ADSL modem, but cannot access the web config on it or the SNMP they both timeout (it does not error straight away it is a timeout). No rejects in the my shorewall logs, it just time out's. My shorewall policy file #SOURCE DEST POLICY LOG LEVEL fw dsl ACCEPT loc dsl ACCEPT loc net ACCEPT fw upnp ACCEPT net all DROP ULOG all all REJECT ULOG
Do I need a dsl to loc line? > Do you have the LEAF router set up to NAT traffic from the LAN to > 192.169.0.0/24? If not, then the problem is probably that the ADSL > modem > does not know that 192.168.0.1 is its route to 10.0.10.0/24. If you > do, > then everything else you posted looks OK. > > At this point, you don't really know which side of the setup is > > > causing the > problem. You might try ping'ing the ADSL modem from the LAN host > > and seeing > what packet counts increment, as a clue to determining whether it > > is the > ping or the reply that is failing to arrive. (Or you can do the > > > same tests > with http and snmp, of course.) Ray when you say NAT traffic from the LAN is masq it above achive the same thing? Cheers Adam Tom Eastep <[EMAIL PROTECTED]> wrote: > On Tue, 30 Sep 2003, AdStar wrote: > > > Ohh it's close, I can now ping my ADSL modem from my internal lan but no > luck > > on accessing the web config or SNMP, it just times out... > > > > Now is it time to play with firewall rules maybe? I didn't notice any > rejected > > packets in my logs.. > > > > Then your rules/policies are NOT the problem unless your loc->modem policy > is not ACCEPT and does not log. > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ [EMAIL PROTECTED] > _________________________________________ Genis-X Webmail, http://www.genis-x.com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
