Tom Eastep wrote: > Tom Eastep wrote: >> Marcus Limosani wrote: >>> Hi tom, >>> >>> >>> >>> I set things up as per your recommendation. >>> >>> >>> >>> I can browse the net from the internal network, and then applied the >>> other rules as you indicated. >>> >>> I still get the FORWARD:REJECT response on traffic destined to the servers. >>> >>> >>> >>> I have attached the dump. I hope we can get this resolved. >> In /etc/shorewall/nat, you have typed 203.25.162.42 rather than >> 203.35.162.42. > > Oh -- and you have also configured 203.35.162,.42 and (the incorrect) > 203.25.162.42 as ip addresses on ppp0 for some unknown reason. Given > that packets with those (corrected) addresses are being routed to your > firewall by your ISP, there is no need to define them as addresses on > the firewall.
Given that the incorrect IP address (203.25.162.42) was added, I suspect that you have set ADD_IP_ALIASES=Yes in shorewall.conf; you can set that option to 'No'. -Tom -- Tom Eastep \ The ultimate result of shielding men from the Shoreline, \ effects of folly is to fill the world with fools. Washington, USA \ -Herbert Spencer http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
