On Mon, Apr 07, 2008 at 12:36:51PM +0200, Darshaka Pathirana wrote: > > > >> Ok, now it all makes sense. After researching the shorewall-doc I > >> found this: > >> > >> [1] http://www.shorewall.net/two-interface.htm#SNAT > >> > >> and > >> > >> /usr/share/doc/shorewall/README.Debian.gz > >> > >> which states to set "IP_FORWARD=On" in the shorewall.conf. > >> > >> So the problem seemed to be RTFM! > > Don't you think that this is the actual solution to this problem? > Yes.
> JFTR: I've sent you the logs I have directly to you... > I have spoken with Tom Eastep about it and forwarded the logs to him as well. His assessment was that something is causing ip forwarding to be turned off (or at least keeping it from being turned on). In the Debian package, IP_FORWARD defaults to "Keep", instead of "On". This is so that values set manually or via /etc/sysctl.conf are not disrupted by Shorewall. In your case, you would want Shorewall to enable it unconditionally since you are not enabling it elsewhere. Please confirm if this works for you so that this bug report can be closed. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
