Michael Mansour escribió: > Hi, > > I've built two new firewalls with the latest shorewall > 4.0.10-3 (updating from 2.4.9 finally!). > > I've migrated the rules and modified them to the new > formats, and configured everything I need correctly. > > When I tried to get the firewalls online last night > (they're clustered) I got alot of these messages: > > May 20 00:16:45 firewall01 kernel: > Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 > SRC=xxx.xx.xxx.xx DST=xxx.xxx.xxx.xxx LEN= > 57 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP > SPT=32768 DPT=53 LEN=37 > > where the SRC is it's own zone, and the DST is an > external (net) zone. > > The eth1 interface is my internal local network, while > eth0 is the internet connection to our provider. > > I have about 17 zones running and configured (the > current shorewall 2.4.9 firewalls provide subnets and > firewalling for that many clients). > > How would I start to trouble-shoot this problem? > noting I've migrated my config and setup (with the > expected modifications to take advantage of the new > 4.x formats and values) from a working environment. > > I'm going to give the new firewalls a go again tonight > to try and work out this problem. > > Thanks. > > Michael. >
Could be a policy or a forwarding problem ?? Can you paste your config ? > > > Get the name you always wanted with the new y7mail email address. > www.yahoo7.com.au/y7mail > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
