On Mon, Jul 17, 2017 at 11:33:39AM -0500, kazabe wrote:
>
> /etc/shorewall/interfaces
> loc eth0 sfilter=(192.168.0.0/24,192.168.2.0/24,192.168.3.0/24,192.168.4.0/24,192.168.5.0/24,192.168.6.0/24,192.168.7.0/24,192.168.8.0/24,192.168.9.0/24,192.168.10.0/24)
>
>
> Jul 17 10:53:47 CompanyFirewall kernel: FIREWALL-sfilter DROP IN=eth1 OUT=eth1 SRC=192.168.1.129 DST=104.154.127.85 LEN=1280 TOS=0x00 PREC=0x00 TTL=63 ID=56231 DF PROTO=TCP SPT=55708 DPT=4070 WINDOW=4414 RES=0x00 ACK URGP=0
> Jul 17 10:53:47 CompanyFirewall kernel: FIREWALL-sfilter DROP IN=eth1 OUT=eth1 SRC=192.168.1.111 DST=8.8.8.8 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=18895 PROTO=UDP SPT=51820 DPT=53 LEN=44
>

I suspect that you need to add the 'routeback' option to the eth1 entry in interfaces.

>
> If we do a ping to the Google DNS 8.8.8.8 from a LAN PC, we don't receive
> an answer (and the network connection icon in the system tray shows an
> alert). But if I do a tracert to 8.8.8.8, the alert disappears and we can
> access the Internet again.
>

Can you provide the output of 'shorewall dump' run as root after attempting the ping that fails?

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
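Added example, not part of the message above and not Shorewall's own code: a small Python filter that picks out sfilter DROP records whose IN and OUT name the same interface, the pattern in the quoted log that the 'routeback' suggestion responds to. The function names are hypothetical, and the third sample line is constructed to show a record that is not flagged.

```python
import re
from collections import defaultdict

# Sample input: the two log lines quoted in the message, plus one constructed
# line (IN=eth0 OUT=eth1, documentation address) that must not be flagged.
SAMPLE_LOG = """\
Jul 17 10:53:47 CompanyFirewall kernel: FIREWALL-sfilter DROP IN=eth1 OUT=eth1 SRC=192.168.1.129 DST=104.154.127.85 LEN=1280 TOS=0x00 PREC=0x00 TTL=63 ID=56231 DF PROTO=TCP SPT=55708 DPT=4070 WINDOW=4414 RES=0x00 ACK URGP=0
Jul 17 10:53:47 CompanyFirewall kernel: FIREWALL-sfilter DROP IN=eth1 OUT=eth1 SRC=192.168.1.111 DST=8.8.8.8 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=18895 PROTO=UDP SPT=51820 DPT=53 LEN=44
Jul 17 10:53:48 CompanyFirewall kernel: FIREWALL-sfilter DROP IN=eth0 OUT=eth1 SRC=192.168.3.7 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
"""

# "<prefix>-<chain> <disposition> IN=... OUT=..." as seen in the quoted lines.
LINE_RE = re.compile(r"kernel:\s+(?P<tag>\S+)\s+(?P<disp>[A-Z]+)\s+(?P<fields>IN=.*)$")


def parse_line(line):
    """Return a dict for one netfilter log line, or None if it does not match."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    rec = {"tag": m.group("tag"), "disposition": m.group("disp"), "flags": []}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if not sep:
            rec["flags"].append(key)      # bare flags such as DF, ACK, SYN
        else:
            rec.setdefault(key, value)    # keep the first LEN (IP), not the UDP one
    return rec


def same_interface_sfilter_drops(log_text):
    """sfilter DROP records whose ingress and egress interface are identical."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec and rec["tag"].endswith("sfilter") and rec["disposition"] == "DROP"
                and rec.get("IN") and rec.get("IN") == rec.get("OUT")):
            hits.append(rec)
    return hits


def sources_by_interface(log_text):
    """Map each affected interface to the sorted source addresses seen on it."""
    grouped = defaultdict(set)
    for rec in same_interface_sfilter_drops(log_text):
        grouped[rec["IN"]].add(rec["SRC"])
    return {iface: sorted(srcs) for iface, srcs in grouped.items()}


if __name__ == "__main__":
    for iface, srcs in sources_by_interface(SAMPLE_LOG).items():
        print(f"{iface}: routed back out the arrival interface, sources {srcs}")
```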
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
