I have three inerface loc / net / dmz , I will send the shorewall dump tmr.
Thanks !
--- 2010年2月3日 星期三,Michael Weickel - iQom Business Services GmbH <[email protected]>
寫道﹕
寄件人: Michael Weickel - iQom Business Services GmbH <[email protected]>
主題: Re: [Shorewall-users] WG: Suddenly DMZ can't access to internet
收件人: "'Shorewall Users'" <[email protected]>
日期: 2010年2月3日,星期三,下午7:07
If x.x.214.101 is part of
your provider aggregated space I do not believe that it’s a provider issue. You
can easily check this by tracing from a foreign host to your ip and see if your
provider routes it to your shorewall.
Further I am a bit
confuses that you have now two local subnets 192.168.0.x and 172.16.1.x. Are
both subnets on the Shorewall´s phy dmz interface?
Von: Wilson Kwok
[mailto:[email protected]]
Gesendet: Mittwoch, 3. Februar
2010 12:01
An: Shorewall Users
Betreff: Re: [Shorewall-users] WG:
Suddenly DMZ can't access to internet
Do you think is ISP problem ?
--- 2010年2月3日
星期三,Michael Weickel - iQom Business Services
GmbH <[email protected]> 寫道﹕
寄件人:
Michael Weickel - iQom Business Services GmbH <[email protected]>
主題:
Re: [Shorewall-users] WG: Suddenly DMZ can't access to internet
收件人:
"'Shorewall Users'" <[email protected]>
日期:
2010年2月3日,星期三,下午6:45
This really sounds like routing issues. Maybe
subnet mask or sth. like that. I think its time to follow Tom´s offer to give
a Shorewall dump as described in the troubleshooting phase on
www.shorewall.net
Von: Wilson Kwok
[mailto:[email protected]]
Gesendet: Mittwoch, 3. Februar
2010 11:17
An: Shorewall Users
Betreff: Re: [Shorewall-users]
WG: Suddenly DMZ can't access to internet
If
I change the NAT x.x.214.101 to another local lan IP
172.16.1.249 client computer , this computer can't access to internet .....
Thanks
--- 2010年2月3日
星期三,Michael Weickel - iQom Business
Services GmbH <[email protected]>
寫道﹕
寄件人:
Michael Weickel - iQom Business Services GmbH <[email protected]>
主題:
Re: [Shorewall-users] WG: Suddenly DMZ can't access to internet
收件人:
"'Shorewall Users'" <[email protected]>
日期:
2010年2月3日,星期三,下午3:37
Does x.x.214.101 represent your new
‚original destination’ in rules file?
If yes, this sounds like a hierarchy
problem in your rules file where another rule may applied before the one
you want.
For example.
DNAT
net dmz:192.168.0.7
tcp
80
- x.x.214.101
DNAT
net
dmz:192.168.0.6
tcp
80
- x.x.214.101
This would mean, that a http request
to your original destination will always apply the NAT to 192.168.0.7
because
its more near to the top of the file.
Go to /etc/shorewall and do a ‘cat
rules | grep 214.100’ if you see more than one tcp 80 rule this could be
your problem. If you do the same with 214.101 and see only one tcp 80 rule
you have your answer.
Von: Wilson Kwok
[mailto:[email protected]]
Gesendet: Mittwoch, 3. Februar
2010 07:54
An: Shorewall Users
Betreff: Re: [Shorewall-users]
WG: Suddenly DMZ can't access to internet
I
just changed NAT IP to another NAT IP:
original: x.x.214.100 192.168.0.6
changed: x.x.214.101 192.168.0.6
Internet can access to web by x.x.214.101
What's this problem?
Thanks !
--- 2010年2月3日
星期三,Tom Eastep <[email protected]> 寫道﹕
寄件人:
Tom Eastep <[email protected]>
主題:
Re: [Shorewall-users] WG: Suddenly DMZ can't access to internet
收件人:
"Shorewall Users" <[email protected]>
日期:
2010年2月3日,星期三,上午12:57
Michael
Weickel - iQom Business Services GmbH wrote:
> net dmz:192.168.0.1
tcp
80
>
>
>
> I forgot to mention that this should be put to rules file, sorry.
And you probably wanted
DNAT net
dmz:192.168.0.1 tcp 80
But randomly changing the rules without understanding what the real
problem is seems unwise. Wilson doesn't even know if the problem has
anything to do with Shorewall.
I repeat my offer to look at the output of 'shorewall dump' but I must
do it in the next 30 minutes because the rest of my day is full with
meetings.
-Tom
--
Tom Eastep \ When I die, I want to go like my
Grandfather who
Shoreline, \ died peacefully in his
sleep. Not screaming like
Washington, USA \ all of the passengers in his
car
http://shorewall.net
\________________________________________________
-----內含下列附件-----
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the
business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call
away.
http://p.sf.net/sfu/theplanet-com
-----內含下列附件-----
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Yahoo!香港提供網上安全攻略,教你如何防範黑客!了解更多
-----內含下列附件-----
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the
business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
-----內含下列附件-----
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Yahoo!香港提供網上安全攻略,教你如何防範黑客!了解更多
-----內含下列附件-----
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
-----內含下列附件-----
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Yahoo!香港提供網上安全攻略,教你如何防範黑客!了解更多
-----內含下列附件-----
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
-----內含下列附件-----
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Yahoo!香港提供網上安全攻略,教你如何防範黑客! 請前往 http://hk.promo.yahoo.com/security/ 了解更多!------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
