mess-mate wrote: > Tom Eastep <[EMAIL PROTECTED]> wrote: > | mess-mate wrote: > | > Tom Eastep <[EMAIL PROTECTED]> wrote: > | > Did you read my email with aax.bz2 attached ? > | > | I just received that trace -- it contains no 'command not found' error > | either. > | > | > I said there has changed eth0 to ppp0 and the 'command not found' > | > disappears. > | > > | > But the purpose of that command is to get the website on the server > | > on the lan from a lan desktop via internet, is it ? > | > | Can someone translate the above sentence for me? I suspect that it is > | saying that the poster is trying to use the tip from Shorewall FAQ 1d. > | > | Definitely sounds like Shorewall faq 1d. What I really suspect is that > | the error message is not 'command not found' but rather than > | find_first_interface_address is failing when passed 'eth0. But who knows.... > | > | mess-mate -- if you send another trace, please insure that it contains > | the error message your are complaining about. And please show us the > | output of "ip addr ls" as well. > | > Ok, you're right, i followed the tip from FAQ 1d. > But hace changed now 'eth0' to 'ppp0'.
That was the right thing to do -- ppp0 is your router's external interface (I assume that you connect via PPPoE or something similar). > Attached ip-addr.txt and statux.txt > Ok -- it looks like you have configured DNAT so that hosts in your local network (connected to eth1) will have TCP connections to 86.192.32.248:80 redirected to 192.168.20.1 (which is in your DMZ connected to eth2). But in the day and a half since you last [re]started Shorewall, not even one TCP connection to 86.192.32.248:80 has arrived on eth1! How are you trying to test this? You can't test in from the router itself -- you must test from a system behind the router that has it's default gateway configured with IP address 192.168.10.254. And start by trying to browse http://86.192.32.248/ rather than by DNS name. > Shorewall-3.2.6 Dump at router - Mon Mar 26 11:00:29 CEST 2007 > Counters reset Sat Mar 24 17:15:49 CET 2007 > Chain loc2dmz (1 references) > pkts bytes target prot opt in out source > destination > 0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 > state RELATED,ESTABLISHED > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 > tcp dpt:22 > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 > icmp type 8 > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 > 192.168.20.1 tcp dpt:80 ctorigdst 86.192.32.248 When you try to browse http://86.192.32.248/, you should see the 'pkts' and 'bytes' counts above incrementing. > 0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 > > > NAT Table > > Chain PREROUTING (policy ACCEPT 117K packets, 33M bytes) > pkts bytes target prot opt in out source > destination > 1922 280K net_dnat 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0 > policy match dir in pol none > 115K 32M loc_dnat 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0 > policy match dir in pol none > Chain loc_dnat (1 references) > pkts bytes target prot opt in out source > destination > 0 0 DNAT tcp -- * * 0.0.0.0/0 > 86.192.32.248 tcp dpt:80 to:192.168.20.1 When you try to browse http://86.192.32.248/, you should see the 'pkts' and 'bytes' counts above incrementing. > 24 1440 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 > tcp dpt:80 redir ports 3128 > 6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1492 qdisc pfifo_fast > qlen 3 > link/ppp > inet 86.192.32.248 peer 193.253.160.3/32 scope global ppp0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
