From: Matej <hl...@gm...> - 2006-08-29 11:04:05
Hi everybody.

I'm sorry to bother you because I'm probably doing something wrong, but I have already read the documentation and I have been using shorewall for quite a long time. I recently installed 3.2.3 from source (but there was the same problem with 3.0.7 from apt-get ... -t unstable).

The thing is that I can't get masq working. Maybe this is because something changed in masq, since I have been using a similar configuration in 2.x. But I can't see what...

There is nothing in messages, so it doesn't point me in the right direction. No REJECT, no loc2something... No communication like loc2net is logged when I try to get through (ping, dns, telnet...).

It is not a vmware-related issue, since the same problem occurs when I try to masq a real computer like from eth1.

THANKS!

This is my config:

interfaces:
net eth2 detect dhcp # wan -- to cable modem
loc eth1 detect
loc vmnet0 detect

masq:
eth2 vmnet0 # the same with eth1

modules:
default from /usr/share/doc/shorewall/default-config/ # version 3.0.7

policy:
fw all ACCEPT
loc all ACCEPT info
net all DROP info
all all REJECT info

rules:
there is no rule like
ACCEPT/REJECT/... loc net/fw - - -
just a few like
ACCEPT net:a.b.c.d fw tcp 21,22,443 -

routestopped:
eth2 x.x.x.x
eth2 y.y.y.y

zones:
fw firewall
net ipv4
loc ipv4

shorewall.conf: (I think it's default but not sure)
STARTUP_ENABLED=Yes
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
LOG_MARTIANS=No
IPTABLES=
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
IPSECFILE=zones
FW=
IP_FORWARDING=Keep
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
RETAIN_ALIASES=No
TC_ENABLED=Internal
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
ROUTE_FILTER=Yes
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
DELAYBLACKLISTLOAD=No
MODULE_SUFFIX=
DISABLE_IPV6=Yes
BRIDGING=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
RFC1918_STRICT=No
MACLIST_TABLE=filter
MACLIST_TTL=
SAVE_IPSETS=No
MAPOLDACTIONS=No
FASTACCEPT=No
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
TCP_FLAGS_DISPOSITION=DROP

-- Matej --