I've had some good success with this stuff and have even gone and got them all set up to run off of those fancy newfangled CF card things. It's cool, I like it, IPsec is a wondrous thing now even. In fact you could say I've almost forsaken BSD......<S>

But I do have a problem and like all problems it can be traced back to Windows, or maybe more accurately, Windows users. I have two machines on the local network that I need to forward traffic coming from the internet to. This in itself is nothing that I haven't done before but what happens is one of the DNAT lines will not work. I have omitted large portions of the rules file for shorewall version 1.4.2 running over iptables 1.2.8 for the sake of brevity:

DNAT    net    loc:192.168.2.23     tcp    25      -    216.123.215.85
DNAT    net    loc:192.168.2.50     tcp    3389    -    216.123.215.85
DNAT    net    loc:192.168.2.168    tcp    3389    -    216.123.216.86

The last line is the one that does not work, it gets loaded on a shorewall restart, shows up in a shorewall show nat, and gets dropped by the net2all policy in the policy file, I watched it happen in the shorewall.log with my own two eyes! Once again....

# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
#fw     net    ACCEPT
net     all    DROP      ULOG
all     all    REJECT    ULOG
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

I'm just wondering why it is that it's getting dropped here??? All of the other redirections work without a hitch, and there are quite a few of them in there, some are even using the same .86 address...

So I guess to sum up if I were to add a number of test redirections onto 216.123.215.86 things like port 80, 25, 110 they work dandy. If I switch the port to 3389 net2all tosses them, yet the line above from 216.123.215.85 works fine.

Can anybody show me the error of my ways? Thanks in advance for any aid!

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
