  1. #1

    Shorewall stops random computers from access

    I have Shorewall configured on a CentOS 5 distribution.
    It is configured to masquerade the internal LAN on eth1 to the internet on eth0.
    The rules list each MAC address of the PCs on the internal LAN.

    This normally works fine; however, at some point one of the PCs could no longer access the internet. I tried changing rules and verifying MAC addresses, but nothing helped.
    As a last resort I then added a NAT entry in the iptables Linux firewall on Webmin to masquerade the IP address of just that PC (post routing chain). Curiously, that worked.
    Or it did work, until some time later another PC could no longer get onto the internet. Excellent, I said, I know what to do, and promptly added another iptables masquerading entry. By now, all PCs have such entries.

    This worked until a few days ago, when someone had to have his laptop plugged into our network and I entered his IP address into iptables. It worked for a few hours but then no longer did. I found that Shorewall had stopped. Restarting it did not help; I then had to delete the iptables rule under the Linux firewall option in Webmin and recreate it, then it worked again.
    The same happened with 3 users adding their computers to our network: it works for a few hours, then Shorewall stops, and nothing helps unless I recreate the iptables entry.

    Does anyone have an idea how to handle this?
    Is this a bug in Shorewall, or is my "double" configuration a problem?

    I am willing to throw out Shorewall entirely if that helps. But if that is so, there must be a bug which should really be fixed, since that is horribly unreliable.

    Any help appreciated.

  2. #2
    Lazydog
    I do not use Shorewall myself, but I would be looking at the log file to see what is happening.

    Personally I would not use a front end firewall app.

