nevermind, solved.

local software firewall problem, and nothing to do with leaf or shorewall.



sorry for the false alarm.



From: the_superch...@hotmail.com
To: leaf-user@lists.sourceforge.net
Date: Tue, 1 Mar 2011 17:53:11 -0500
Subject: Re: [leaf-user] shorewall - DNAT rules not being applied

 
alright. i was delaying my response to this, because i had a consumer router 
(with dhcp off) in between the leaf firewall and my machine and one of the fine 
gents in #shorewall mentioned that this would prevent the shorewall DNAT rules 
from working.
 
 
it was always the intention to put a switch in place of that consumer router, 
so i thought i'd wait till that was finished to do any more testing of the 
shorewall rules on the firewall.
 
 
 
the new switch is in and the results... are exactly the same.
 
 
to answer Tom's question, the counters shown by 'shorewall show nat' are 
incrementing, but external sites don't see the ports as open.
 
 
the only other information i have is that when i'm actually using bittorrent, 
the port i've mapped for that does appear open and tests out that way on the 
same sites that show it as closed when bittorrent is not running on the local 
machine.
 
 
i have attached the status.zip file as indicated would be needed by the 
shorewall support guidelines.
 
 
please let me know if i can provide any more information that would be of use. 
thanks.
 
 
 
 
 
 
Date: Thu, 17 Feb 2011 12:30:56 -0800
From: teas...@shorewall.net
To: leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] shorewall - DNAT rules not being applied
 
On 2/17/11 12:05 PM, superchode . wrote:
> 
> one more update as i continue to fumble through this.
> 
> i'm using this guide to try and work through the issue:
> 
> http://www.shorewall.net/FAQ.htm#faq1a
> 
> under "(FAQ 1a) Okay -- I followed those instructions but it doesn't
> work" it gives some instructions.
> 
> the results of 'shorewall show nat' fit the following: "Is the packet
> count in the first column non-zero? If so, the connection request is
> reaching the firewall and is being redirected to the server. In this
> case, the problem is usually a missing or incorrect default gateway
> setting on the local system (the system you are trying to forward to
> -- its default gateway should be the IP address of the firewall's
> interface to that system)."
> 
> so the DNAT lines are being applied, and are being redirected by the
> router. sadly, they're not making it to my local machine at the
> specified IP.
 
Are the counters in the corresponding rule in net2loc incrementing?
 
> 
> i've tried manually setting my IP at the local machine as well,
> explicitly setting the gateway as 192.168.1.254 (the bering
> firewall)... and the net connection works just as well, but again no
> redirected incoming traffic from the specified ports.
> 
> it's difficult for me to see what i'm doing wrong. hopefully someone
> can help.
 
Time for another 'shorewall dump' collected as described at
http://www.shorewall.net/support.htm#Guidelines
 
Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
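
The counter checks discussed in this thread (the DNAT rule shown by 'shorewall show nat', then the matching rule in net2loc) can be scripted. The following is an added example, not part of the original messages or of Shorewall; the chain listings, the port 6881 and the address 192.168.1.10 are constructed sample data in the layout printed by `iptables -L -n -v`, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample listings (assumed layout: iptables -L -n -v, which
# 'shorewall show <chain>' wraps). Port and addresses are made up.
SAMPLE_NAT='Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
   14   840 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6881 to:192.168.1.10:6881'
SAMPLE_FILTER='Chain net2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination
   14   840 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.10         tcp dpt:6881'

# rule_hits TARGET PORT: read a chain listing on stdin and print the pkts
# counter of the first rule with that target and destination port,
# or "missing" when no such rule is listed.
rule_hits() {
    awk -v tgt="$1" -v dpt="dpt:$2" '
        $3 == tgt { for (i = 4; i <= NF; i++) if ($i == dpt) { print $1; found = 1; exit } }
        END { if (!found) print "missing" }'
}

# diagnose NAT_LISTING FILTER_LISTING PORT: walk the two counters in the
# order used in the thread. Assumes the forwarded port is not remapped,
# so the same port appears in both chains.
diagnose() {
    nat=$(printf '%s\n' "$1" | rule_hits DNAT "$3")
    flt=$(printf '%s\n' "$2" | rule_hits ACCEPT "$3")
    case "$nat" in
        missing) echo "no DNAT rule for port $3"; return ;;
        0) echo "no connection request has matched the DNAT rule"; return ;;
    esac
    case "$flt" in
        missing) echo "DNAT hit but no ACCEPT rule in the filter chain" ;;
        0) echo "DNAT hit but the ACCEPT rule has not matched" ;;
        *) echo "firewall forwards the traffic; check the target host" ;;
    esac
}

diagnose "$SAMPLE_NAT" "$SAMPLE_FILTER" 6881
```

When both counters are non-zero the firewall has done its part, which leaves the forwarded-to machine itself: its default gateway, a host firewall, or whether anything is listening on the port.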
 
 
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/                                     
  
