On Thu, 2008-09-18 at 19:53 -0700, Tom Eastep wrote: > Ricardo Kleemann wrote: > >>>> What is the setting of IP_FORWARDING in /etc/shorewall/shorewall.conf? > >>>> > >>> It's set to On... :-/ > >>> > >>> Could it be because I have the fw connected directly to the server > >>> (rather than via switch)? I wouldn't think so since ping from the > >>> firewall (fw -> dmz) works... it's just from the net -> dmz that doesn't > >>> work... > >> We're going to need the output of "shorewall dump", collected as > >> described at http://www.shorewall.net/support.htm#Guidelines > > > > Thanks Tom. > > > > It's attached. I did the reset then attempted to ping. > > > > Again the issue here is that the ping isn't going through the NAT. It > > goes to the main net interface (192.168.0.200) but the IP that is NAT'ed > > to the internal server (192.168.0.199 -> 192.168.1.200) is not pingable. > > What is the configured default gateway on host 192.168.1.200? >
Hi Tom, thanks for your help! The gateway configured was correct (192.168.1.1). The error of my ways was that the server had an unconnected eth interface that was assuming the 192.168.0 network... so maybe it was attempting to use that interface since the source IP of the NAT is on the 192.168.0 network? Anyway, after removing that interface, things started working. Ricardo ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
