Hi. I'm experiencing some issues with my latest firewall upgrade. Some forwarded connections are restarted many times, and access from the LAN to the internet using simple NAT is failing.

/etc/shorewall/masq

    eth1 192.168.1.0/24

I see a lot of sfilter DROP messages in the log. I added all our local networks and the issue continues.

/etc/shorewall/interfaces

    loc eth0 sfilter=(192.168.0.0/24,192.168.2.0/24,192.168.3.0/24,192.168.4.0/24,192.168.5.0/24,192.168.6.0/24,192.168.7.0/24,192.168.8.0/24,192.168.9.0/24,192.168.10.0/24)

    Jul 17 10:53:47 CompanyFirewall kernel: FIREWALL-sfilter DROP IN=eth1 OUT=eth1 SRC=192.168.1.129 DST=104.154.127.85 LEN=1280 TOS=0x00 PREC=0x00 TTL=63 ID=56231 DF PROTO=TCP SPT=55708 DPT=4070 WINDOW=4414 RES=0x00 ACK URGP=0
    Jul 17 10:53:47 CompanyFirewall kernel: FIREWALL-sfilter DROP IN=eth1 OUT=eth1 SRC=192.168.1.111 DST=8.8.8.8 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=18895 PROTO=UDP SPT=51820 DPT=53 LEN=44

If we ping the Google DNS 8.8.8.8 from a LAN PC, we don't receive an answer (and the network connection icon in the system tray shows an alert). But if I do a tracert to 8.8.8.8, the alert disappears and we can access the internet again.

How can I solve that?

Thanks a lot

"There are two infinite things: the universe and human stupidity... and I'm not so sure about the first." : Albert Einstein