Marco C. Coelho wrote: > I've tried Toms suggestion below without success. Perhaps a diagram of > this system would help.
Posting a diagram when using a variable pitched font in an HTML-formated email never helps. Like your diagram, they always come out completely unreadable. > > ___________________________________ > | eth0 > eth1 | > -----------64.202.224.0/24--------| net interface on pppoe server / loc > interface |--------------no ip address (pppoe only)----- > > | | > > ___________________________________ > To simplify things, I changed loaded apache on each pppoe server and set > the home page as the user suspended page. > so in this case I could redirect to either 127.0.0.1, or 64.202.224.X > > The way the pppoe server works is: PPPOE daemon uses radius > authenticate terminates the pppoe session. At this point the session is > handed of to the standard kernel mode pppd > > When I use: > > DNAT- y:192.168.50.0/24 z:64.202.224.254:80 tcp > > > I do not get the suspend web page. When I trace route from the connect > system, I get host unreachable from my boarder router (which I should > never see). The DNAT- rule has nothing to do with traceroute. Traceroute uses either UDP or ICMP and your DNAT- rule only redirects TCP. > This box is running zebra and ospf, as is the boarder router, could it > be that they are overriding? So far, the whole picture is no clearer than mud. Please try again with a fixed-pitch font and/or plain text email. Maybe then we can get a picture of your setup. And please give us details -- the output of 'shorewall dump' collected as described at http://www.shorewall.net/support.htm#Guidelines would be ideal. Forward it as an attachment to [email protected], if you don't want to send it to the entire list. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
