On Thu, 2007-08-23 at 16:50 +0200, Mark Furner wrote: > Hi > > I've used shorewall now for a few years with on my file server, and have > recently added an extra NIC (two nics, eth0 is inward facing to a LAN switch, > 192.168.1.3, and eth1 faces the router, 192.168.1.2, in the DomO). I've > started two XEN virtual DomU machines using the instructions under [1], > slimserv.home.xx on eth2 192.168.1.5 and work.home.xx on eth3 192.168.1.6. > There is a slimdev on 192.168.1.4 attached to the (wireless) router > (192.168.1.1 with dhcp server, default gateway) which should communicate with > slimserv. > > Despite having allowed pings all round in /etc/shorewall/rules (except from > net) I am unable to reach any of the machines within the file server (.1.2) > or from outside or in the LAN. All machines have the netmask 255.255.255.0. > The network is cut in half (each side of the file server), and the LAN zones > can't communicate with each other. Without the shorewall firewall up, I can > ping out of the box and _to_ the DomU's but not _out_ of them. I suspect a > routing problem. Can someone help with any ideas? >
A few minutes with your log and Shorewall FAQ 17 would have uncovered the problem. You apparently haven't mentioned eth1 in your Shorewall configuration at all. So it should be no surprise that traffic to/from that interface is blocked when Shorewall is started. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
