On Tue, 18 Jun 2002, Nachman Yaakov Ziskind wrote:

> Using Bering:
> Linux yoreach 2.4.18 #1 Sun Apr 21 12:50:34 CEST 2002 i686 unknown
>
> with Shorewall 1.2.12. I'm MASQ'ing the local net to the outside, except for a
> few servers which are using Static NAT.
>
> Zones:
>
> net Net Internet
> loc Local Local networks
>
> Ifaces:
>
> net eth0 detect routefilter
> loc eth1 detect routestopped
>

Given that you are having a problem involving NAT and MASQ, it would be
helpful if you posted the contents of those files.

> All my policies are set to ACCEPT, for testing purposes. My RULES file is
> unmodified. So the firewall is wide open, right?

Yes, plus you don't have to look at any helpful diagnostic messages that
way.

>
> Problem: from my MASQ'ed boxes, I can see the whole 'NET - except for the
> Static NAT boxes. But I can see the Static NAT boxes from the outside. Also,
> the Static NAT boxes can see each other (even using the public IP addresses).
>

Without knowing what your configuration looks like (including IP
addresses, subnetting and routing), it's hard to know what's wrong.

> It is not a DNS problem, as using the public IP addresses is no better (the
> private IP addresses work fine).
>
> I'm stumped. How do I troubleshoot this?
>

First please tell us what your configuration really looks like then tell
us which computers can communicate with which other computers and which
can't using which addresses (remember, computers can't SEE each other --
they can only communicate with one another).

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ [EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html