Tom,

The server can access the Internet and the clients just fine.  The gateway 
is the inside interface of the firewall.

Best Regards,

Roger McClurg
[EMAIL PROTECTED]








Tom Eastep <teastep@shorewall.net>
02/26/2004 05:12 PM

        To:     Roger E McClurg <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
        cc: 
        Subject:        Re: [leaf-user] LEAF DNAT Problem


On Thursday 26 February 2004 01:46 pm, Roger E McClurg wrote:
> Hi All,
>
> I've been trying to debug a problem with DNAT on a Bering 1.2
> VPN/Firewall. I originally tried this with H323, but as few people have
> any experience with H323, I tried FTP as both use ip_conntrack modules.
> Getting the same results with both of them, I then tried HTTP which does
> not need a separate ip_conntrack module.
>
> I'm not changing port numbers, just passing the native port straight
> through. The DNAT rule is coded just as the Shorewall documentation says:
>
>      DNAT         net          loc:192.153.64.209 ftp,http,1720,1503
>
> In all cases I can connect to the server from clients on the local LAN
> (eth1) and from clients on the VPN (ipsec0). Clients on the same LAN as
> the external interface (eth0) cannot connect.
>
> I put sniffers on both interfaces of the firewall, and see packets moving
> in and out as they should. The address translation seems to be working.
> However the results are always the same with every connection type:
>      A SYN comes in from the Client,
>      an ACK is sent back from the server,
>      then the client sends an RST
>
> Does anyone know what I can be doing wrong that will cause this to happen?

Usually means that the server has the wrong gateway address.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]






leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
