On Mon, Mar 02, 2009 at 09:04:10PM +0100, Jaap Eldering wrote:
> On Wed, Feb 25, 2009 at 11:35:24PM -0500, Roberto C. Sánchez wrote:
> >
> > OK. Everything seems in order there (no pun intended). Please do the
> > following:
> >
> > 1. create the file /etc/shorewall/started
> >
> > 2. add this line to /etc/shorewall/started (including quotes):
> >
> > echo "/proc/sys/net/ipv4/ip_forward=$(cat /proc/sys/net/ipv4/ip_forward)"
> >
> > 3. reboot your computer
> >
> > 4. provide the entire contents of /var/log/shorewall-init.log
> > immediately following reboot
>
> 20:43:19 IP Forwarding Enabled
> 20:43:19 Processing /etc/shorewall/started ...
> /proc/sys/net/ipv4/ip_forward=1
> 20:43:19 done.

That right there shows that IP forwarding is enabled after Shorewall
finishes starting. If it is disabled on your system, then that means
that something is disabling it after Shorewall has already started. I
am inclined to think that this is not a bug in Shorewall.

What happens when you remove or comment out the "net.ipv4.ip_forward=1"
entry from /etc/sysctl.conf?

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
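
Added example, not part of the original message and not Shorewall code: one way to find persistent settings that could change ip_forward after Shorewall has started is to list every uncommented assignment of it in the sysctl-style files on the system. The function names, the sample file names and the rule that later files override earlier ones are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Lists every uncommented assignment of
# net.ipv4.ip_forward in sysctl-style files and reports which one wins.

# Print "file:line:value" for each assignment, in the order files are given.
# Accepts both key spellings (dots or slashes) and spaces around "=".
list_ip_forward() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*[#;]/ { next }            # skip comment lines
            {
                n = index($0, "=")
                if (n == 0) next
                key = substr($0, 1, n - 1)
                val = substr($0, n + 1)
                gsub(/[ \t]/, "", key)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                gsub("/", ".", key)
                if (key == "net.ipv4.ip_forward") print file ":" NR ":" val
            }' "$f"
    done
}

# Value left in effect if the files are applied in the order given
# (assumption: later files override earlier ones). Empty if never set.
effective_ip_forward() {
    list_ip_forward "$@" | tail -n 1 | awk -F: '{ print $NF }'
}

# Constructed sample files (hypothetical names) for a dry run.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# enable routing' 'net.ipv4.ip_forward=1' > "$d/sysctl.conf"
    printf '%s\n' '#net.ipv4.ip_forward=1' 'net/ipv4/ip_forward = 0' > "$d/99-local.conf"
    echo "$d"
}

# Usage: sh script.sh /etc/sysctl.conf [more files...]
if [ "$#" -gt 0 ]; then
    list_ip_forward "$@"
    echo "persistent: $(effective_ip_forward "$@")"
    echo "running:    $(cat /proc/sys/net/ipv4/ip_forward)"
fi
```

If the "persistent" and "running" values differ, the change is coming from something other than the files passed in, such as a script that runs after Shorewall.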