Hi Roberto! On 14.03.2008 12:11, Roberto C. Sánchez wrote: > On Fri, Mar 14, 2008 at 11:18:53AM +0100, Darshaka Pathirana wrote: >> >> I also had the same problem yesterday. >> >> After the reboot I had to issue >> >> % shorewall clear >> % shorewall restart >> >> So I created a "shorewall dump" directly after rebooting and one >> directly after clearing and restarting. The main difference I found was: >> >> - /proc/sys/net/ipv4/ip_forward = 0 >> + /proc/sys/net/ipv4/ip_forward = 1 >> > The best thing would be if you could send a compressed shorewall dump > from each of the following times: > > - just after reboot > - after shorewall clear > - after shorewall restart > > If you are not comfortable sending it to the bug, then send to my email > directly.
I am sorry, but the system was already in production at the time I wrote the Bug-Message. So I am not able to do any reboots anymore. Moreover, I feel a little unconfortable submitting a customers log (altough I possibly could mask the IP-Adresses etc.) If you think it would really, really be helpfull to have these logs let me know, I'll try to send you the logs I have (just after reboot and after shorewall restart; I didn't dump the log after clearing). >> Ok, now it all makes sense. After researching the shorewall-doc I >> found this: >> >> [1] http://www.shorewall.net/two-interface.htm#SNAT >> >> and >> >> /usr/share/doc/shorewall/README.Debian.gz >> >> which states to set "IP_FORWARD=On" in the shorewall.conf. >> >> So the problem seemed to be RTFM! >> >> BUT.. >> >> As I just copied the files from >> "/usr/share/doc/shorewall/examples/two-interfaces" I think there >> should be some kind of "README.Debian" too where this issue should >> be mentioned! > > I will certainly look into this. Thx and thx for maintaining shorewall! Nice work! Greetings, - Darsha -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
