Using Bering 1.0rc2:

Linux yoreach 2.4.18 #1 Sun Apr 21 12:50:34 CEST 2002 i686 unknown

with Shorewall 1.2.12. I'm MASQ'ing the local net to the outside, except for a
few servers which are using Static NAT. Inside zone is 10.1.1.x, outside is
216.236.142.80/29. 

Zones:

net     Net             Internet
loc     Local           Local networks

Ifaces:

net     eth0            detect          routefilter,norfc1918
loc     eth1            detect          routestopped

hosts:    unmodified

policy:   everything ACCEPT

Rules:

ACCEPT  loc     loc:10.1.1.1    tcp     smtp    -    216.236.142.81:10.1.1.200
ACCEPT  loc     loc:10.1.1.252  tcp     www     -    216.236.142.82:10.1.1.200
ACCEPT  loc     loc:10.1.1.253  tcp     www     -    216.236.142.83:10.1.1.200
ACCEPT  loc     loc:10.1.1.254  tcp     www     -    216.236.142.84:10.1.1.200
(the above four rules put in per Tom Eastep in order to allow inside boxes to 
use the NAT'ed servers)

REJECT          net     loc             tcp     1433
REJECT          net     loc             udp     137
REJECT          net     loc             udp     138
REJECT          net     loc             udp     139

(the rest as in the original)

NAT:
eth0   10.1.1.0/24!10.1.1.252,10.1.1.253,10.1.1.254,10.1.1.63,10.1.1.1

I have three problems (should I post them separately?)

1) Incoming connections to the servers are identified as coming from the
router, not the original IP address. This makes life difficult for several
reasons. How do I address this?


2) FTP connections do not work. That is, web-based ftp does not work, but
command line seems to be fine. This mystifies me as I thought ftp encapsulated
in the browser would stress the router less(?)

Nothing in messages, but this in `shorewall status`:
tcp      6 431875 ESTABLISHED src=216.194.21.212 dst=216.236.142.81 sport=1656 dport=21 src=10.1.1.1 dst=216.194.21.212 sport=21 dport=1656 [ASSURED] use=1

On the server side:
Jul  3 21:33:57 egps ftpd[28601]: FTP LOGIN FROM as5300-6.216-194-21-212.nyc.ny.metconnect.net [216.194.21.212], awacs

So I assume a connection has been established, and it just sits there.

after breaking out:
Jul  3 21:39:35 egps ftpd[28601]: FTP session closed

I have loaded:
ip_conntrack_ftp / ip_conntrack_irc / ip_nat_ftp / ip_nat_irc

3) I'm getting LOTS of duplex errors, like this:

Jun 18 21:24:18 yoreach kernel: eth0: Transmit error, Tx status register 82.
Jun 18 21:24:18 yoreach kernel: Probably a duplex mismatch.  See Documentation/networking/vortex.txt
Jun 18 21:24:18 yoreach kernel:   Flags; bus-master 1, dirty 249226(10) current 249226(10)
Jun 18 21:24:18 yoreach kernel:   Transmit list 00000000 vs. c3fed480.
Jun 18 21:24:18 yoreach kernel:   0: @c3fed200  length 80000226 status 00010226

I don't care about the errors, but how to keep them from filling up the logs?

What other info do I need to provide to diagnose these three problems?

Thanks in advance.

-- 
_________________________________________
Nachman Yaakov Ziskind, EA, LLM         [EMAIL PROTECTED]
Attorney and Counselor-at-Law           http://yankel.com
Economic Group Pension Services         http://egps.com
Actuaries and Employee Benefit Consultants
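The conntrack entries that `shorewall status` prints show, for each connection, the tuple the client sent and the tuple the server answers with, so they reveal exactly which addresses the firewall rewrote and therefore which client address the server will log. The following decoder is an added example, not code from the original post or from Shorewall; it parses the entry quoted above plus a constructed second entry for a loc-to-loc connection through one of the hairpin rules, assuming 10.1.1.200 is the firewall's inside address named in those rules.

```python
import re
from dataclasses import dataclass

# Constructed sample: line 1 is the entry quoted in the post; line 2 is a
# hypothetical loc->loc connection to 216.236.142.81:25 that the hairpin rule
# DNATs to 10.1.1.1 and SNATs to 10.1.1.200 (assumed firewall inside address).
SAMPLE_STATUS = """\
tcp      6 431875 ESTABLISHED src=216.194.21.212 dst=216.236.142.81 sport=1656 dport=21 src=10.1.1.1 dst=216.194.21.212 sport=21 dport=1656 [ASSURED] use=1
tcp      6 117 ESTABLISHED src=10.1.1.252 dst=216.236.142.81 sport=2049 dport=25 src=10.1.1.1 dst=10.1.1.200 sport=25 dport=2049 [ASSURED] use=1
"""

# One 4-tuple as ip_conntrack prints it; every TCP/UDP entry carries two of them.
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


@dataclass
class ConntrackEntry:
    proto: str
    state: str
    orig: tuple   # (src, dst, sport, dport) as the client sent the packet
    reply: tuple  # (src, dst, sport, dport) as the server's reply arrives

    def dnat(self):
        """Destination was rewritten: the server replying is not the address the client dialled."""
        return self.reply[0] != self.orig[1]

    def snat(self):
        """Source was rewritten: the server replies to an address other than the real client.
        This is the case in which the server logs the router instead of the client."""
        return self.reply[1] != self.orig[0]

    def client_seen_by_server(self):
        """Address the server will log as the peer (the reply tuple's destination)."""
        return self.reply[1]


def parse_status(text):
    """Parse ip_conntrack-style lines; entries without two tuples are skipped."""
    entries = []
    for line in text.splitlines():
        tuples = TUPLE_RE.findall(line)
        if len(tuples) != 2:
            continue
        fields = line.split()
        proto = fields[0]
        state = fields[3] if proto == "tcp" else "-"  # UDP entries carry no state word
        orig = (tuples[0][0], tuples[0][1], int(tuples[0][2]), int(tuples[0][3]))
        reply = (tuples[1][0], tuples[1][1], int(tuples[1][2]), int(tuples[1][3]))
        entries.append(ConntrackEntry(proto, state, orig, reply))
    return entries


if __name__ == "__main__":
    for e in parse_status(SAMPLE_STATUS):
        print(f"{e.proto} {e.state} dnat={e.dnat()} snat={e.snat()} server sees {e.client_seen_by_server()}")
```

For the quoted FTP entry the decoder reports DNAT only, which agrees with the ftpd log showing the real client address; any connection that reports SNAT is one where the server can only ever log the firewall's address.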


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html