Ok I found the culprit,
Thank you for the solution! I will read this FAQ!

I can connect to my machine now :-)) I'm so glad. But for some strange reason, I can't get on the internet from this machine when Shorewall is on. I can do DNS lookups, and tracert and ping from that machine to the internet, but can't browse the internet. The worst thing is that there is nothing in the log to show me where the problem resides. The only thing I get now is this:

Shorewall:net2dmz:DROP:IN=vmbr0 OUT=venet0 PHYSIN=eth0 SRC=184.108.40.206 DST=10.10.10.102 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=21435 DF PROTO=TCP SPT=2084 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0

That's strange because there is a rule that says accept from net to dmz:10.10.10.102 80,443

Now when I open the browser (on the machine with the second ip 188.8.131.52) I always see my webserver default webpage on 10.10.10.102.

Strange,
Sincerely,
Selvam Matthys

2010/3/23 Tom Eastep <firstname.lastname@example.org>

Selvam Matthys wrote:
> Ok, I'm sorry for not answering last mail, but I changed my whole config.
> So what I did now: two public IPs on my vmbr0 that is bridged on eth0.
> So my fw gets 220.127.116.11 my dmz is 10.10.10.0/24
> and I have one kvm machine connected on vmbr0
> with ip 18.104.22.168.

You have neglected to set the 'routeback' option on vmbr0. See Shorewall FAQ 17.

> The thing is that when I activate my Shorewall, I can't get on the
> internet anymore with this kvm machine, and get this message in the log:
> Shorewall:FORWARD:REJECT:IN=vmbr0 OUT=vmbr0 PHYSIN=vmtab101i0 PHYSOUT=eth0 SRC=22.214.171.124 DST=126.96.36.199 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=4338 PROTO=ICMP TYPE=8 CODE=0 ID=34450 SEQ=25345
> so when I disable Shorewall, my two public IPs work good, but when
> enabled, my second ip stops working. When I ping to my second ip I get
> answer back from my main ip 188.8.131.52 that tells me destination
> host unreachable.
> I will answer much faster this time, I'm not changing my config anymore.
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
Shorewall-users mailing list
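
An added example, not part of the original messages: a small Python triage script that parses the two log lines quoted in this thread and flags the FORWARD-chain case where a packet enters and leaves on the same interface, which is the situation the reply above attributes to a missing 'routeback' option. It assumes the `Shorewall:<chain>:<action>:` log prefix seen in the thread; the function names are made up for this example.

```python
import re

# The two log lines from the thread above, copied as posted.
SAMPLE_LINES = [
    "Shorewall:FORWARD:REJECT:IN=vmbr0 OUT=vmbr0 PHYSIN=vmtab101i0 PHYSOUT=eth0 "
    "SRC=22.214.171.124 DST=126.96.36.199 LEN=64 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=4338 PROTO=ICMP TYPE=8 CODE=0 ID=34450 SEQ=25345",
    "Shorewall:net2dmz:DROP:IN=vmbr0 OUT=venet0 PHYSIN=eth0 SRC=184.108.40.206 "
    "DST=10.10.10.102 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=21435 DF PROTO=TCP "
    "SPT=2084 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0",
]

# Assumed prefix layout: Shorewall:<chain>:<action>: as seen in the thread.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[A-Z]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse(line):
    """Split a Shorewall log message into chain, action and KEY=value fields."""
    m = PREFIX.search(line)
    if m is None:
        return None  # not a Shorewall message
    rec = {"chain": m["chain"], "action": m["action"]}
    for key, value in FIELD.findall(line[m.end():]):
        rec.setdefault(key, value)  # ICMP lines repeat ID=; keep the IP header one
    return rec


def needs_routeback(rec):
    """True when a FORWARD-chain packet enters and leaves on the same interface."""
    return (rec["chain"] == "FORWARD" and bool(rec.get("IN"))
            and rec.get("IN") == rec.get("OUT"))


def describe(rec):
    """One-line summary for triage."""
    if needs_routeback(rec):
        return ("%s in FORWARD: %s -> %s both via %s; check 'routeback' on %s"
                % (rec["action"], rec.get("PHYSIN", "?"), rec.get("PHYSOUT", "?"),
                   rec["IN"], rec["IN"]))
    return ("%s in chain %s: %s -> %s %s dport %s"
            % (rec["action"], rec["chain"], rec.get("SRC"), rec.get("DST"),
               rec.get("PROTO"), rec.get("DPT", "-")))


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(describe(parse(line)))
```

The PHYSIN and PHYSOUT fields show which bridge ports the packet crossed, so the summary for the first line makes the bridged path from the KVM guest's port to eth0 visible even though IN and OUT both read vmbr0.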