[Shorewall-users] masq problem

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi everybody.

I'm sorry to bother you because I'm probably doing something wrong, but 
I have already read the documentation and I have been using shorewall 
for quite a long time.

I recently installed 3.2.3 from source (but there was the same problem 
with 3.0.7 from apt-get ... -t unstable)

The thing is, that I can't get masq working. Maybe this is because 
something changed in masq since I have been using similar configuration 
in 2.x

But I can't see what... There is nothing in messages so it doesn't point 
me in the right direction. No REJECT, no loc2something... No 
communication like loc2net is logged when I try to get through (ping, 
dns, telnet...)

It is not a vmware-related issue since the same problem is when I try to 
masq a real computer like from eth1.

THANKS!

This is my config:

interfaces:
net	eth2 	detect	dhcp # wan -- to  cable modem
loc	eth1 	detect
loc     vmnet0  detect

masq:
eth2    vmnet0 # the same with eth1

modules: 
default from /usr/share/doc/shorewall/default-config/ # version 3.0.7

policy:
fw      all     ACCEPT
loc     all     ACCEPT 	info
net     all     DROP    info
all     all     REJECT	info	

rules: 
there is no rule like 
ACCEPT/REJECT/... 	loc	net/fw	-	-	-

just a few like
ACCEPT  net:a.b.c.d     fw      tcp     21,22,443       -

routestopped: 
eth2 	x.x.x.x
eth2	y.y.y.y

zones:
fw      firewall
net     ipv4
loc     ipv4

shorewall.conf: (i think it's default but not shure)
STARTUP_ENABLED=Yes
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
LOG_MARTIANS=No
IPTABLES=
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
IPSECFILE=zones
FW=
IP_FORWARDING=Keep
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
RETAIN_ALIASES=No
TC_ENABLED=Internal
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
ROUTE_FILTER=Yes
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
DELAYBLACKLISTLOAD=No
MODULE_SUFFIX=
DISABLE_IPV6=Yes
BRIDGING=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
RFC1918_STRICT=No
MACLIST_TABLE=filter
MACLIST_TTL=
SAVE_IPSETS=No
MAPOLDACTIONS=No
FASTACCEPT=No
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
TCP_FLAGS_DISPOSITION=DROP

    -- Matej --