On Wed, 25 Feb 2004, JamesSturdevant wrote: > OK, I've attached the full status report, the failure listed in > shorewall.log, and a copy of the rules file. I hope this helps. > > JamesS > > At 08:00 AM 2/25/2004 -0800, Tom Eastep wrote: > >On Wednesday 25 February 2004 06:13 am, JamesSturdevant wrote: > > > Yes, that is the entire block from the status option. Here is log message: > > > > > > Feb 25 08:06:47 vpnserver Shorewall:net2all:DROP: IN=eth0 OUT=eth1 > > > MAC=00:20:af:9a:ef:f7:00:00:c5:97:bf:4c:08:00 SRC=66.41.184.127 > > > DST=172.16.201.90 LEN=48 TOS=00 PREC=0x00 TTL=115 ID=8084 DF PROTO=TCP > > > SPT=3155 DPT=80 SEQ=3326239879 ACK=0 WINDOW=16384 SYN URGP=0 > > > >Please follow the instructions at http://www.shorewall.net/support.htm under > >the paragraph beginning "THIS IS IMPORTANT!" in bold type. > >
Set NAT_BEFORE_RULES=No in shorewall.conf. Since you have a one-to-one NAT entry and NAT_BEFORE_RULES=Yes, the one-to-one NAT entry is taking precedence. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
