Check your policy and your rules file to be sure you have the ports open you want. These files are very well commented. You may be missing a line like:
Code:
# Allow Ping To And From Firewall
#
ACCEPT loc fw icmp 8
ACCEPT fw loc icmp 8
You don't particularly want folks pinging your firewall, even from the inside.
Don't neglect to reference the Shorewall website. The documentation and diagrams are first-class!
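One way to check what a rules file and a policy file together do with a given packet, as an added example that is not part of the original post or of Shorewall itself. The `RULES` and `POLICY` contents are constructed samples and `verdict` is a hypothetical helper; it assumes first-match ordering and handles only plain zone names, `all`, and single or comma-separated ports (for `icmp` the port column holds the ICMP type, 8 being echo-request), not macros, `$FW` or address qualifiers.

```python
# Constructed sample files, laid out in the column order used in the post.
RULES = """\
# Allow Ping To And From Firewall
#
ACCEPT  loc  fw   icmp  8
ACCEPT  fw   loc  icmp  8
ACCEPT  loc  fw   tcp   22
"""

POLICY = """\
# SOURCE DEST POLICY LOG
loc  net  ACCEPT
net  all  DROP    info
all  all  REJECT  info
"""

def _rows(text):
    """Yield whitespace-split columns, skipping blank lines and comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def _zone_match(pattern, zone):
    # Assumption: only exact zone names and "all" are supported here.
    return pattern == "all" or pattern == zone

def _port_match(spec, port):
    # "-" or a missing column means "any"; comma-separated lists are supported.
    return spec in (None, "-") or str(port) in spec.split(",")

def verdict(rules, policy, src, dst, proto, port):
    """Return (action, origin): the first matching rule, else the first matching policy."""
    for cols in _rows(rules):
        if cols[0].startswith("?") or len(cols) < 3:
            continue  # section markers and malformed lines are ignored
        r_proto = cols[3] if len(cols) > 3 else "all"
        r_port = cols[4] if len(cols) > 4 else None
        if (_zone_match(cols[1], src) and _zone_match(cols[2], dst)
                and r_proto in ("all", "-", proto) and _port_match(r_port, port)):
            return cols[0], "rules"
    for cols in _rows(policy):
        if len(cols) >= 3 and _zone_match(cols[0], src) and _zone_match(cols[1], dst):
            return cols[2], "policy"
    return None, "no match"

if __name__ == "__main__":
    for pkt in [("loc", "fw", "icmp", 8), ("net", "fw", "icmp", 8), ("loc", "fw", "tcp", 80)]:
        print(pkt, "->", verdict(RULES, POLICY, *pkt))
```

A result whose origin is `policy` means no rule matched and the packet fell through to the default for that zone pair, which is the case to look for when a port you expected to be open is not.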