Tom Eastep <teastep <at> shorewall.net> writes:
>
> On 05/06/2010 06:50 AM, Olivier Bourdon wrote:
>
> > I do not own the Firewalls (int-FW and ext-FW) but rules have been
> > configured properly as:
>
> > the packet never makes it to int-machine (empty tcpdump output)
> > tcpdump on dmz-machine only shows incoming traffic and no other traffic
> > not even on lo interface
>
> > Does someone have a clue on what is wrong or if it is possible at all?
>
> For this to work:
>
> a) int-FW must accept port1 traffic from dmz-machine -> int-machine; and
> b) You must apply the miserable hack in Shorewall FAQ 1g on dmz-machine
> (where that FAQ refers to 'public address', just use the address of the
> machine's only NIC).
>
> -Tom

Thanks a million Tom, works like a charm, but after restarting shorewall I had to relaunch the forwarding command

    sysctl -w net.ipv4.ip_forward=1

to make it work and therefore change the IP_FORWARDING option to On in shorewall.conf.

Thanks again for your help
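
The restart behaviour reported in the last message, as an added example that is not part of the thread: a shell check that reads IP_FORWARDING from a shorewall.conf-style file and predicts whether forwarding is still enabled after a Shorewall restart. The function names and the two sample config files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. IP_FORWARDING and its On/Off/Keep
# values are Shorewall's; the function names here are hypothetical.

# Effective IP_FORWARDING value in a shorewall.conf-style file: the last
# uncommented assignment, without quotes or trailing comment, lowercased.
ip_forwarding_setting() {
    sed -n 's/^[[:space:]]*IP_FORWARDING=//p' "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"' \t" | tr '[:upper:]' '[:lower:]'
}

# Predict net.ipv4.ip_forward after "shorewall restart".
#   $1 = config file, $2 = current runtime value (0 or 1)
forwarding_after_restart() {
    case "$(ip_forwarding_setting "$1")" in
        on)   echo 1 ;;
        off)  echo 0 ;;
        keep) echo "$2" ;;      # Shorewall leaves the kernel setting alone
        *)    echo unknown ;;   # unset or unrecognised: check shorewall.conf(5)
    esac
}

# Report the prediction; succeed only if forwarding is on after a restart.
forwarding_survives_restart() {
    conf=$1
    now=${2:-$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo 0)}
    after=$(forwarding_after_restart "$conf" "$now")
    echo "IP_FORWARDING=$(ip_forwarding_setting "$conf") runtime=$now after-restart=$after"
    [ "$after" = 1 ]
}

# Constructed sample configs (not taken from any real host).
demo=$(mktemp -d)
printf '%s\n' 'STARTUP_ENABLED=Yes' '#IP_FORWARDING=On' 'IP_FORWARDING=Off' > "$demo/before.conf"
printf '%s\n' 'STARTUP_ENABLED=Yes' 'IP_FORWARDING="On"  # changed as in the thread' > "$demo/after.conf"
forwarding_survives_restart "$demo/before.conf" 1 || echo "-> sysctl -w alone is lost on restart"
forwarding_survives_restart "$demo/after.conf" 0 && echo "-> forwarding persists"
```

On a real host, call `forwarding_survives_restart /etc/shorewall/shorewall.conf` with no second argument to compare against the live kernel value; a host that is not meant to route should report `after-restart=0`.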
