I've upgraded a 3-interface system from 2.0.8 to 3.2.6 on Debian, and I'm not able to make DNAT work anymore. If someone could offer a suggestion of where to look to fix this, it would be very much appreciated.
Problem Summary: If I set DETECT_DNAT_IPADDRS=Yes, then I can't access anything on my DMZ via DNAT. If I set DETECT_DNAT_IPADDRS=No, then **EVERYTHING** (all web pages, anyway) gets redirected to my web server on my DMZ.

Problem Example:

DETECT_DNAT_IPADDRS=Yes: I can access http://www.slashdot.com from my loc computers just fine, but accessing http://www.NerdWorld.org (on my DMZ) fails with a time-out.

DETECT_DNAT_IPADDRS=No: I can access my web server on my DMZ, but if I try to access slashdot (http://www.slashdot.com), it loads a page on NerdWorld.org instead! (http://www.NerdWorld.org)

My setup is classic 3-interface. eth0 is DHCP to my cable modem. eth1 is my dmz at 192.168.2.0/24, while eth2 is loc at 192.168.1.0/24. I have a web server, mail server, and DNS servers on the dmz. Workstations are on loc.

I cut and pasted most of my "rules" from the old system to the new system, so I don't think I've introduced a typo in the configuration files. Obviously, I've got some parameter messed up in shorewall.conf, but I can't figure out what it is. I'm frankly a little confused by some of the new parameters in shorewall.conf (or at least, confused by things I never had to figure out before <sigh>).

shorewalldump is enclosed.

Thanks for the help!

--
Casey Bralla
Chief Nerd in Residence
The NerdWorld Organisation
shorewalldump.txt.gz
Description: GNU Zip compressed data
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
