From: Kortvelyesi P. <ko...@fw...> - 2005-10-06 18:06:43
Hello Guys! (I posted this message already 1.5 hours ago, but I hadn't added the jpg to the tar; I hope you won't receive it twice.)

After one day of hard work again, nothing improved...

Lanj.jpg: the 'map' of the network. A bit strange for me, but it is not my task and I can't change anything in it. There is an old firewall (without Shorewall); resolv.conf, hosts, ifcfg-eth0 and eth1 are the same on the new one also, and so is the output of route. The output of route is:

    192.168.2.0     *               255.255.255.0   U     10     0        0 eth1
    192.168.1.0     192.168.0.254   255.255.255.0   UG    10     0        0 eth0
    192.168.0.0     *               255.255.255.0   U     10     0        0 eth0
    default         192.168.2.1     0.0.0.0         UG    10     0        0 eth1

192.168.0.0/16 is the local network, everything is fine on it. 192.168.1.0/16 is the other city's network. I can ping from the firewall to it, and that city's network can only ping the firewall's eth0 (local) interface. I can not ping the external interface (eth1). Maybe it is because ping is rejected in rules, but I think only from the net, not from local. So I guess local to firewall external IP ping is also treated as loc to fw and it is accepted. I can reach the Intranet webpage on the inner IP address from the other city, and that can't be reached from the internet, as the shorewall setup says. It seems to be working, because if I try to reach it via the external ip from the local city's network, shorewall gives an error. That's why I am guessing that the other city's network is also treated as local, not 'no zone'. But just a guess, I am not sure...
So, the config files:

interfaces:

    #ZONE   INTERFACE   BROADCAST   OPTIONS             GATEWAY
    net     eth1        detect
    loc     eth0        detect      newnotsyn,routeback
    # also tried to modify the broadcast to 196.168.255.255 and to 192.168.0.255,192.168.1.255 but nothing changed

policy:

    #                       LEVEL
    loc     net     ACCEPT
    loc     fw      ACCEPT
    fw      loc     ACCEPT
    fw      net     ACCEPT
    net     all     DROP    info
    all     all     REJECT  info

rules:

    REDIRECT    loc     3128    tcp     www                 -
    ACCEPT      net     fw      tcp     22,25,109,110,143
    REJECT      net     fw      icmp    8                   -
    ACCEPT      net     fw      tcp     17895

The tar.gz file contains the output of ifconfig and the Shorewall status.

I have no guess what to do... The older firewall is working, so though the network is a bit dizzy for me, it must be a firewall setting somewhere... It is driving me mad... I also can instantly change the two firewalls without resetting a router, or something like this, in the local city, so I don't think I should restart a router or something like this. I worked with the linux server 30 hours last weekend (only on the location; now I have more than 120 hours in it for the last 2 weeks and I also had to study... ;) I am becoming exhausted ;) ), became really happy when everything worked (I only checked the first city, me amateur... ;) ) then this happened... No guess how to get this working...

Thank you very much in advance!
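As an added illustration (not the poster's code and not Shorewall itself), here is a small Python model of the zone logic the post is guessing at: Shorewall assigns a zone by the interface a packet arrives on, and the route to 192.168.1.0/24 points at eth0, so hosts in the other city fall into loc and hit the loc-to-fw ACCEPT policy rather than the net-to-fw REJECT for icmp type 8. The firewall's own addresses (192.168.0.1, 192.168.2.2) and the outside address 203.0.113.5 are assumed values, not taken from the post.

```python
import ipaddress

# Routing table as quoted in the post (`route` output): destination, gateway, interface.
ROUTES = [
    ("192.168.2.0/24", None,            "eth1"),
    ("192.168.1.0/24", "192.168.0.254", "eth0"),
    ("192.168.0.0/24", None,            "eth0"),
    ("0.0.0.0/0",      "192.168.2.1",   "eth1"),   # default route
]
# 'interfaces' file from the post: the zone each interface belongs to.
INTERFACE_ZONES = {"eth1": "net", "eth0": "loc"}
# 'policy' file from the post, in file order (first match wins).
POLICIES = [("loc", "net", "ACCEPT"), ("loc", "fw", "ACCEPT"),
            ("fw", "loc", "ACCEPT"),  ("fw", "net", "ACCEPT"),
            ("net", "all", "DROP"),   ("all", "all", "REJECT")]
# Filtering entries of the 'rules' file (the REDIRECT line is NAT, not a verdict).
RULES = [("ACCEPT", "net", "fw", "tcp",  {22, 25, 109, 110, 143}),
         ("REJECT", "net", "fw", "icmp", {8}),
         ("ACCEPT", "net", "fw", "tcp",  {17895})]
# ASSUMED firewall addresses (not given in the post): eth0 on the LAN, eth1 towards the router.
FIREWALL_ADDRS = {"192.168.0.1", "192.168.2.2"}


def egress_interface(addr):
    """Longest-prefix match over ROUTES: the interface traffic for addr uses.
    For a source address it is also the interface its packets arrive on."""
    ip = ipaddress.ip_address(addr)
    best = None
    for dest, _gw, iface in ROUTES:
        net = ipaddress.ip_network(dest)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1]


def zone_of(addr):
    """Shorewall derives a host's zone from the interface, not from its address."""
    return "fw" if addr in FIREWALL_ADDRS else INTERFACE_ZONES[egress_interface(addr)]


def verdict(src, dst, proto, port):
    """Rules are consulted before policies, as Shorewall orders them."""
    sz, dz = zone_of(src), zone_of(dst)
    for action, rs, rd, rp, ports in RULES:
        if (rs, rd, rp) == (sz, dz, proto) and port in ports:
            return action, f"rule {rs} {rd} {rp} {port}"
    for ps, pd, action in POLICIES:
        if ps in (sz, "all") and pd in (dz, "all"):
            return action, f"policy {ps} {pd}"
    return "REJECT", "no match"


if __name__ == "__main__":
    # The other city's subnet is routed via eth0, so its hosts land in zone 'loc'.
    print(zone_of("192.168.1.10"), verdict("192.168.1.10", "192.168.2.2", "icmp", 8))
    print(zone_of("203.0.113.5"), verdict("203.0.113.5", "192.168.2.2", "icmp", 8))
```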