At 9/5/2014 06:29 AM, you wrote:
>Hi
>We use a shorewall 4.4.11.6, with a 3 NIC setup (net - dmz - localnet) that 
>has been working flawlessly for years.
>Now we have changed broadband provider and with it we've got new IP addresses.
>I've reconfigured shorewall with the new addresses and since then we no longer 
>have functioning DNAT for boxes that are forwarded from IP different from the 
>main IP address.
>
>As far as I could see, for doing the provider change we only needed to edit 
>the params (params for main IP and extra IPs) and masq file (main IP), apart 
>from of course /etc/network/interfaces and /etc/dhcp/dhcpd.conf
>
>Having done those changes everything works OK, even DNAT from the main IP to 
>boxes on DMZ or localnet, whilst the DNAT rules for boxes forwarded to from 
>other IPs in the address range are not working at all (ssh: connect to host 
>89.233.14.37 port 22: Connection timed out)

What is in your masq file? And what type of ISP connection do you have? I have 
FiOS that uses PPPoE and the PPPoE link goes through a 10.0.0.0 IP address. 
Therefore I cannot include 10.0.0.0 in the masq file without causing problems 
similar to yours.

Wayne S
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
