Re: [Shorewall-users] Shorewall 4.06 + DNAT + Problem with internalrouting

Tue, 05 Aug 2008 02:25:51 -0700

Title: OpenGroupware.org
Re: [Shorewall-users] Shorewall 4.06 + DNAT + Problem with internalrouting
mailLabel 
sender: Gianni Socionovo <[EMAIL PROTECTED]> 
content: 
Shorewall Users <[email protected]> wrote: 
> Tom Eastep wrote:
> > Gianni Socionovo wrote:
> > 
> >>
> >> from the log i got:
> >>
> >> Aug  4 19:10:07 mylinuxbox kernel: [276232.278815] 
> >> Shorewall:net_dnat:DNAT:IN=eth0 SRC="" DST=88.xx.xx.1 LEN=48 
> >> TOS=0x00 PREC=0x00 TTL=128 ID=4891 DF PROTO=TCP SPT=1128 DPT=22 
> >> WINDOW=16384 RES=0x00 SYN URGP=0 Aug  4 19:10:07 mylinuxbox kernel: 
> >> [276232.278839] Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 
> >> SRC="" DST=10.10.2.4 LEN=48 TOS=0x00 PREC=0x00 TTL=127 
> >> ID=4891 DF PROTO=TCP SPT=1128 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
> >> It seem that DNAT rule work well but after DNAT REJECT policy takes 
> >> place.
> >>
> >> Can anyo
 ne help me to solve the configuration error? I need urgently 
> >> to set other DNAT rules towards the other nested zones.
> > 
> > It's a routing issue. See http://www.shorewall.net/Multiple_Zones.html
> > 
> 
> Note that since you didn't follow the problem reporting Guidelines 
> (http://www.shorewall.net/support.htm#Guidelines), we can't tell you how your
routing is wrong. But from the REJECT message, it is apparent that your 
> router is routing 10.10.2.4 out of eth0, not eth1 as you intend.
> 
> -Tom
> -- 
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ [EMAIL PROTECTED]
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
> 
> 

Hello Tom, obviously I obfuscated for the public mailing list the real IP
nu
 mbers of Shorewall configuration.
Tell me if i can send you all information and trace fiel to protected email
recipient
-- 
Ing. Gianni Socionovo
MEP SpA
 
footerRowLabel1 5 © footerRowLabel2 
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to