Am 02.04.2016 um 00:17 schrieb Tom Eastep: Dear Tom, dear users,
>> It gets the package request, but then drops it, instead of forwarding it as >> per DNAT line >> DNAT:$LOG net loc:192.168.2.3:7091 tcp 7091 >> DNAT:$LOG net loc:192.168.2.3:7091 udp 7091 >> >> (this port forwarding is just ONE example, I have multiple services that I >> can't reach anymore) > > Have you followed the port forwarding diagnostic steps detailed in > Shorewall FAQs 1a and 1b? If so, please forward the output of 'shorewall > dump' collected by following the instructions at > http://www.shorewall.net/support.htm#Guidelines. Well, I was about to follow that with the trace, but the fix for #2 & #3 solved this as well! Btw, the faq shows to run /sbin/shorewall trace start 2> /tmp/trace which results in an empty file with a lot of output on my ssh window. Not sure if that is the expected result? Or should it be more "...start 1> /tmp/trace 2>&1" for the full picture? >> #2) I have on the loc LAN a DLINK Wifi Access Point, providing (surprise!) >> wifi access to the LAN and the internet (via the firewall linux machine). On >> the firewall I run squid as a proxy, the wifi devices can access web pages, >> etc. nicely, with or without squid. ... > Try setting CLAMPMSS=Yes in shorewall.conf. Gosh, such a simple fix to a bugging problem. That's awesome! >> #3) WhatsApp. ... > Again, see if CLAMPMSS=Yes doesn't help you... It did! Tom, thank you very much once again! So the only thing that now remains is whether or not to go to V5 and how to include your devel archive as a repo? Did anybody do that yet? Thanks a bunch, you really made my weekend a very sunny one!! Florian -- Florian Piekert flo...@floppy.org =========================================================================== Note: this message was send by me *only* if the eMail message contains a correct pgp signature corresponding to my address at flo...@floppy.org. Do you need my PGP public key? Check out http://www.floppy.org or send me an email with the subject "send pgp public key" to this address of mine. Thx!
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
