My apologize. It was a mistake in a previous configuration. Regards, Jacques
-----Original Message----- From: Jacques GARCIA VAZQUEZ Sent: mardi 11 mai 2010 16:14 To: [email protected] Subject: [Shorewall-users] Some problem with forward rule,the destination address is not correct and is thus rejected Hi all, The message in the log looks like: Mar 2 12:42:15 FlxRouter kernel: [ 989.533384] Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=62.153.x.x DST=192.138.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=17560 DF PROTO=TCP SPT=43759 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 The problem is that the destination address is wrong and is not specified in any rules. Our internal network is 192.168.1.0 and the forwarding rule on port 25 is 192.168.1.20. Here are the rules concerned: SMTP/DROP:info loc:!192.168.1.5,192.168.1.20 net - 25 DNAT net loc:192.168.1.20 tcp 25 - 194.78.xx.xx (eth1.0) DNAT net loc:192.168.1.5 tcp 25,143,993 - 194.78.xx.xx (eth1.1) DNAT net loc:192.168.1.8 tcp 21,25 - 194.78.xx.xx (ath1.2) "Shorewall show" or "Iptables -L" don't list that address (192.138) This problem occurs for some source IP, others sources are working perfectly (means we receive mail on 192.168.1.20). eth1 is the external interface (3 virtual addresses) and eth0 is the internal network. No DMZ. This is a simple two interfaces configuration. Version is 4.0.15 debian package. I don't know where to look to. Can anyone help me ? Thanks in advance Jacques ------------------------------------------------------------------------ ------ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
