Thank you for the solution! I will read this FAQ!
I can connect to my machine now :-)) I'm so glad. But for some strange reason, I can't get on the internet from this machine when Shorewall is on. I can do DNS lookups, and tracert and ping from that machine to the internet, but can't browse the internet. The worst thing is that there is nothing in the log to show me where the problem resides. The only thing I get now is this: That's strange because there is a rule that says accept from net to dmz: 80,443
Now when I open the browser (on the machine with the second IP I always see my webserver default webpage on

Selvam Matthys

Shorewall:net2dmz:DROP:IN=vmbr0 OUT=venet0 PHYSIN=eth0 SRC= DST= LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=21435 DF PROTO=TCP SPT=2084 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0

2010/3/23 Tom Eastep <>
Selvam Matthys wrote:
> Ok, I'm sorry for not answering the last mail, but I changed my whole config.
> So what I did now: two public IPs on my vmbr0 that is bridged on eth0.
> So my fw gets my dmz is
> <> and I have one kvm machine connected on vmbr0
> with ip
> The thing is that when I activate my Shorewall, I can't get on the
> internet anymore with this KVM machine, and get this message in the log:
> Shorewall:FORWARD:REJECT:IN=vmbr0 OUT=vmbr0 PHYSIN=vmtab101i0 PHYSOUT=eth0 SRC= DST= LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=4338 PROTO=ICMP TYPE=8 CODE=0 ID=34450 SEQ=25345
> So when I disable Shorewall, my two public IPs work well, but when
> enabled, my second IP stops working. When I ping my second IP I get
> an answer back from my main IP that tells me destination
> host unreachable.
> I will answer much faster this time, I'm not changing my config anymore.

You have neglected to set the 'routeback' option on vmbr0. See Shorewall FAQ 17.

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car \________________________________________________

Shorewall-users mailing list
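
An added example, not part of the original messages or of Shorewall itself: a Python triage of the two kinds of log entry seen in this thread, applying the FAQ 17 reading that a FORWARD entry with the same IN and OUT interface points at a missing 'routeback' option. The sample lines are constructed (placeholder addresses from the documentation ranges), and splitting the chain name on the first "2" assumes zone names contain no "2".

```python
import re

# Constructed sample lines modelled on the two log entries in the thread;
# the addresses are placeholders, not values from the original messages.
SAMPLE_LOG = [
    "Shorewall:FORWARD:REJECT:IN=vmbr0 OUT=vmbr0 PHYSIN=vmtab101i0 PHYSOUT=eth0 "
    "SRC=192.0.2.10 DST=198.51.100.7 LEN=64 TTL=64 PROTO=ICMP TYPE=8 CODE=0",
    "Shorewall:net2dmz:DROP:IN=vmbr0 OUT=venet0 PHYSIN=eth0 "
    "SRC=203.0.113.5 DST=192.0.2.20 LEN=48 TTL=115 DF PROTO=TCP SPT=2084 DPT=80 SYN",
]

# Log prefix layout: Shorewall:<chain>:<disposition>:<netfilter fields>
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[A-Z]+):(?P<fields>.*)")


def parse(line):
    """Return a dict for a Shorewall log line, or None for any other line."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "disposition": m["disposition"]}
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        rec[key] = val if sep else True  # bare flags such as SYN or DF
    return rec


def diagnose(rec):
    """Map a parsed entry to the first thing to check in the configuration."""
    chain, iface = rec["chain"], rec.get("IN")
    if chain == "FORWARD":
        if iface and iface == rec.get("OUT"):
            # Traffic entering and leaving the same (bridge) interface.
            return f"set 'routeback' on {iface} in /etc/shorewall/interfaces"
        return "source or destination address is not in any defined zone"
    if "2" in chain:
        src, dst = chain.split("2", 1)  # assumption: no '2' in zone names
        what = f"{rec.get('PROTO')}/{rec.get('DPT', '-')}"
        return f"{src}->{dst}: logged by that chain's policy or rule; check rules for {what}"
    return "entry logged from a chain this example does not interpret"


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        rec = parse(line)
        print(rec["chain"], rec["disposition"], "=>", diagnose(rec))
```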