shorewall-users April 2012 archive
Main Archive Page > Month Archives  > shorewall-users archives
shorewall-users: Re: [Shorewall-users] Connections from the fire

Re: [Shorewall-users] Connections from the firewall itself fail.

From: Tom Eastep <teastep_at_nospam>
Date: Mon Apr 02 2012 - 20:18:29 GMT
To: Augusto Vázquez Vázquez <>, Shorewall Users <>

On 04/02/2012 11:46 AM, Augusto Vázquez Vázquez wrote:
> Even using IP addresses instead of DNS names it fail.
> I'm trying to access any website from the firewall, using Iceweasel in
> Debian 6.0.2, in the firewall is running Shorewall, DNS with views
> (Wan, Lan, DMZ) and Proxy server. I can't use the package aptitude
> either.

Clearly, Shorewall isn't blocking web access from the firewall since
Squid is able to access the net fine.

And there are no firewall rules blocking fw->net traffic:

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source
 983K 125M fw2net all -- * eth0

Chain fw2net (1 references)
 pkts bytes target prot opt in out source
 502K 91M ACCEPT all -- * * ctstate RELATED,ESTABLISHED
33538 2029K ACCEPT tcp -- * * tcp dpt:80
 448K 33M ACCEPT all -- * *

If you momentarily 'shorewall clear', does the problem go away? (be sure
to 'shorewall start' after the test).

-- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car \________________________________________________

This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here

Shorewall-users mailing list