Hi all, install a shorewall 4 on a debian squeeze, configure the interfaces and the files, but I can not have internet on the local network.
I can connect to the shorewall pc from outside and from the local network, I can connect to internet from the shorewall pc so I'm sure I have something misconfigured.

ip route command throws me the following

192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1
xxx.xxx.xxx.0/24 dev eth0 proto kernel scope link src xxx.xxx.xxx.200
default via xxx.xxx.xxx.1 dev eth0
default via 192.168.2.1 dev eth1 scope link

ifconfig

eth0 Link encap:Ethernet HWaddr
inet addrxx.xxx.xxx.200 Bcastxx.xxx.xxx.255 Mask:255.255.255.0
inet6 addr: fe80::219:d1ff:fedd:afd1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2374 errors:0 dropped:0 overruns:0 frame:0
TX packets:110 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:284690 (278.0 KiB) TX bytes:13739 (13.4 KiB)
Interrupt:19 Base address:0x2100

eth1 Link encap:Ethernet HWaddr
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::227:19ff:feb1:6b69/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:204 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17521 (17.1 KiB) TX bytes:468 (468.0 B)
Interrupt:17 Base address:0x2000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 B) TX bytes:560 (560.0 B)

In shorewall:
interfaces file:
===================

#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp
loc eth1 detect bridge

policy file:
===============
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST

#loc net ACCEPT
#net all DROP info
# THE FOLLOWING POLICY MUST BE LAST
#all all REJECT info
fw all ACCEPT
all all REJECT info
net all DROP info


rules file:
=============

#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP
#
# Accept DNS connections from the firewall to the network
#
ACCEPT net $FW tcp 22
ACCEPT loc net tcp 20,21,22,25,43,53,63
ACCEPT loc net tcp 110,123,143,443,465
ACCEPT loc net tcp 587,993,995
ACCEPT loc net udp 43,53,63,123
REDIRECT loc 8080 tcp 80,8080
ACCEPT loc fw tcp 20,21,22,53,67,68,80,10000
ACCEPT loc fw udp 53,67,68
Ping(ACCEPT) net $FW
Ping(ACCEPT) loc $FW
Ping(ACCEPT) loc net

masq file:
=============
eth0 192.168.2.0/24

Hope someone can help me out with this.

Regards