Re: [Shorewall-users] Issue: no outgoing traffic from LOC and DMZ

Mon, 08 Jan 2018 14:11:05 -0800 

On 01/07/2018 08:26 PM, Tom Eastep wrote:
> On 01/07/2018 06:05 PM, Thomas wrote:
>> Hi,
>>
>> after enabling Shorewall I cannot update the OS of any server running in
>> LOC and DMZ, means fetching packages from repository fail.
>>
>> For example, this is the output of a server running in DMZ:
>> vm102-haproxy:~# apk update
>> fetch http://dl-cdn.alpinelinux.org/alpine/v3.6/main/x86_64/APKINDEX.tar.gz
>> ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.6/main: network error
>> (check Internet connection and firewall)
>> fetch
>> http://dl-cdn.alpinelinux.org/alpine/v3.6/community/x86_64/APKINDEX.tar.gz
>> ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.6/community: network
>> error (check Internet connection and firewall)
>> fetch http://alpine.mirror.wearetriple.com/v3.6/main/x86_64/APKINDEX.tar.gz
>> v3.6.2-227-g41e842fa63 [http://dl-cdn.alpinelinux.org/alpine/v3.6/main]
>> v3.6.2-225-g9aec1deda8 [http://dl-cdn.alpinelinux.org/alpine/v3.6/community]
>> v3.6.2-240-geb8d8205d9 [http://alpine.mirror.wearetriple.com/v3.6/main]
>> 2 errors; 8526 distinct packages available
>>
>> I have attached the trace after successfull starting of Shorewall.
>>
>> Can you please share some advice why the outgoing traffic is not working?
>>
> 
> Please follow the instructions at
> http://www.shorewall.net/support.htm#Guidelines under "3) If Shorewall
> is starting successfully and your problem is that some set of
> connections to/from or through your firewall..."
> 

One thing to check first -- be sure you have FORWARDING=Yes in
shorewall.conf or have set net.ipv4.ip_forward=1 in your sysctl
configuration and have FORWARDING=Keep.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to