You'll need to change /etc/shorewall/snat for your internal subnet. It
replaces the masq file.
Hope this helps.
Huy
On Thu, 10 May 2018, 21:05 David Ventura, <davidventur...@gmail.com> wrote:
> Hi
> I am setting up shorewall as my router but currently I can't connect to
> anything on the `net` from machines on `loc`. I am running shorewall
> 5.0.15.6-1 on armbian, kernel 4.14.14, aarch64.
>
> Things I checked:
>
> * I can access stuff on the `net` just fine from the firewall
> * I set IP_FORWARDING=Yes in /etc/shorewall/shorewall.conf.
>
> I can connect from the `net` to the `fw`. I have dnsmasq on the firewall
> and I am currently getting proper DHCP and DNS. I can ping both the (fw)
> LAN address (192.168.2.1) and the WAN address (192.168.1.113) from the
> machines on `loc`.
>
> The firewall can access internet properly, but anything on `loc` just gets
> the packets (tcp, udp, icmp) dropped.
>
> I am missing `/etc/shorewall/masq` but it was not provided on
> `/usr/share/doc/shorewall/examples` by the debian package.
>
> My interfaces file
>
> net wan dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
> loc lan0 dhcp,tcpflags,nosmurfs,routefilter,logmartians
>
> =====================
> On my rules I have
>
> ACCEPT loc net tcp
> ACCEPT loc net udp
> ACCEPT loc net icmp
>
> ACCEPT $FW loc all
>
> ======================
> Policy (default)
>
> loc net ACCEPT
> net all DROP info
> # THE FOLLOWING POLICY MUST BE LAST
> all all REJECT info
>
> What am I doing wrong?
> Also - I am not getting anything on /var/log/messages - no idea why, even
> tried to do `shorewall debug restart` but no dice.
>
> David
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
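What the snat entry suggested in the reply could look like for the setup in the quoted message, as an added example that is not part of the original thread. It assumes the `loc` subnet is 192.168.2.0/24 (the post gives only the firewall's LAN address, 192.168.2.1) and takes the `wan` interface name from the posted interfaces file.

```conf
# /etc/shorewall/snat  (added example; the subnet mask is an assumption)
#
# Masquerade traffic from the internal subnet as it leaves via the
# external interface. Restricting SOURCE to the internal subnet keeps
# the NAT rule from applying to traffic from any other network.
#
#ACTION        SOURCE            DEST
MASQUERADE     192.168.2.0/24    wan

# For comparison, the same rule in the older /etc/shorewall/masq format,
# which lists the outgoing interface first:
#
#INTERFACE     SOURCE
#wan           192.168.2.0/24
```

Running `shorewall check` before `shorewall reload` validates the new file without touching the running ruleset.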