[Shorewall-users] OpenVZ, outgoing traffic blocked

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I've been tearing my hair out on this one for the last couple of days, I 
even switched from CentOS on the physical server, to Debian, just to see 
if it would make a difference, but it didn't.

First of all, I'll describe my setup:

I have one Dell server, running Debian 6 with only one network port 
connected to my test LAN (eth0), and two test containers, also running 
Debian 6. On those containers I have installed Shorewall 4.4.11.6 from 
the Debian repositories and configured it as described in the attached 
files. The physical server doesn't have Shorewall installed. This is a 
clean install, the only modifications I made from the base install was 
installing the OpenVZ kernel and userland utilities. I have tested these 
same configuration files on a VMware virtual machine and it worked 
without any problems.

Now for the problem:

Whenever I enable shorewall (shorewall safe-start or boot), it allows 
SSH and MySQL from the LAN, but it's impossible to access anything from 
within the container to the outside world. Simply disabling shorewall, 
or setting ALLOW in the net section of /etc/shorewall/policy resolves 
the problem. I have tested this by using PING and SSH to the IP 
addresses of other machines on the LAN, the other OpenVZ container and 
the physical server.

I've attached all relevant configuration files I could find and I 
appreciate any assistance you could give me with this.

Martin.