OK, I'm at my wit's end with this one.  Maybe you guys and gals can
point out what I'm missing.

Background:  Samba fileserver running Debian Lenny with Shorewall
firewall connected to (DHCP) cable modem on eth0 and a LAN on br0 (a
bridge of LAN on eth1, OpenVPN tap0 and an admin network on eth2).

modem -- eth0 -- shorewall -- br0 (eth1,2 and tap0)

Everything worked well until last Thursday when a power outage resulted
in an 'awkward' shutdown.

On reboot, there was no network connectivity on eth0 and eth1.  Both
ports are on a dual-port Intel e1000 gigabit card.  Apparently the
onboard NVRAM became corrupted.  Reflashing the card fixed that and
restored network connectivity (mostly - read on).

Now from the server, all connectivity to the Internet (including
http/https) and the LAN is OK.  Speeds good, no packet problems reported
in ifconfig.  From the LAN, Samba is there along with other machines on
the LAN and all internet services are good with excellent speed.

The problem is with Internet access from computers on the LAN.  A
computer on the LAN has no web access.  Strangely, e-mail works and
Skype can log in.  Pings from the LAN to the internet work and name
resolution is good, i.e. ping google.ca gives a good result.

It seems that the server is refusing to return requested Internet web
traffic to the appropriate LAN client.  NAT is configured in Shorewall
via the masq file.  Here it looks like:

eth0	br0

Very simple and worked until last Friday.

Is there something I should be looking for in iptables?  Why should
e-mail be different than web traffic?  I do not differentiate anywhere
in the firewall.  Is there something 'stuck'?...

Thanks for any and all insight!
