Thanks, Matt.
Do you mean on the receiving machine? If so, then I don't think they are,
but even if they were, I would expect to see *outgoing* packets from EFW on
the orange net.
The question is why EFW isn't forwarding the packets according to the dest
nat settings.
shap
On Fri, Mar 12, 2010 at 8:12 AM, Matthew W. Ross <[email protected]> wrote:
> Only a guess, but have you checked to see if your firewall settings are
> blocking some of your traffic somehow?
>
>
> --Matt Ross
> Ephrata School District
>
>
> ----- Original Message -----
> From: Jonathan S. Shapiro [mailto:[email protected]]
> To: [email protected]
> Sent: Thu, 11 Mar 2010 17:10:38 -0800
> Subject: [Efw-user] Destination nat config problem
>
>
> > This is a bit odd, and I'm really not quite sure what I'm doing wrong.
> >
> > I'm trying to establish a mapping from public IPs on the RED net to internal
> > IPs on the ORANGE net as follows:
> >
> > 173.160.184.66 => 192.168.1.11
> > 173.160.184.67 => 192.168.1.12
> >
> > I've set up destination nat rules for port 80 (HTTP) on both of these using
> > DNAT Policy "NAT". Traffic from the GREEN network that is directed to any of
> > these addresses (external or internal on either machine) seems to work fine.
> > Traffic from the RED NIC to the .67 IP gets translated as expected and works
> > fine. Traffic from the RED network to the .66 IP does not seem to get
> > translated.
> >
> > In an attempt to figure out what is going on, I logged in to both the server
> > and the firewall and ran tcpdump against port 80. Traffic to the .67, which
> > forwards .67=>.12 works exactly as expected. I can see the traffic inbound
> > on the RED interface, and I can see the corresponding traffic inbound on the
> > network interface for the .12 machine on the ORANGE net. Traffic to the .66
> > can be seen arriving at the NIC on the RED interface, but never makes it to
> > the incoming NIC for the .11 machine. If I switch tcpdump over to look at
> > the ORANGE nic, it's clear that the traffic is never making it out the NIC.
> >
> > I've looked at the dnat/iptablesdnat file and also the output of
> > iptables -L -n and iptables -L -t nat -n. Both look plausible to me.
> >
> > What else do I need to look at?
> >
>
>
> _______________________________________________
> Efw-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/efw-user