From: Tom E. <te...@sh...> - 2005-08-04 16:53:22
Chip Burke wrote:

> I am pretty much bewildered at this point. Everything else works....
> masquerade, ports open to the firewall itself. But DNAT doesn't work at all.
> Now it is not even logging the same things as before. It doesn't seem to log
> any DNAT activity. I am 100% certain I have the interfaces connected
> correctly. Right now I have torn the firewall out and put it in a test
> environment with a different hub on either interface. Here is the IPTables
> output. I know it is a lot, but I am hoping someone can find something
> goofed up in one of the chains that I have missed.
>

a) In the future, please include the output of "shorewall status" *as an attachment* as requested on the support page. Otherwise, your mailer folds it into a pretzel.

b) Please change the "all" SOURCE in your DNAT rules to "net" as recommended by Stephen Carville. If you *really* want to redirect requests from your local network back to the server in your local network (gag, barf), then please follow the instructions in Shorewall FAQ #2 (you need to add the "routeback" option to your entry for 'eth1' in /etc/shorewall/interfaces and you need to masquerade this "routeback" traffic with an entry in /etc/shorewall/masq -- it's a horrible disgusting hack that is much better avoided by using split DNS).

-Tom

-- 
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ te...@sh...
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
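The configuration change Tom describes, written out as an added illustration that is not part of the original thread or of Shorewall's own documentation. The column layout follows the Shorewall 2.x era rules, interfaces and masq files as I recall them; the interface roles (eth0 = net, eth1 = loc), the web server 192.168.1.5, the firewall's LAN address 192.168.1.254 and the public address 203.0.113.10 are all constructed placeholders.

```conf
# /etc/shorewall/rules -- before: SOURCE "all" matches every zone, loc included
#ACTION  SOURCE  DEST             PROTO  DEST PORT(S)  SOURCE PORT(S)  ORIGINAL DEST
DNAT     all     loc:192.168.1.5  tcp    80

# /etc/shorewall/rules -- after: only the Internet zone is forwarded, as recommended
#ACTION  SOURCE  DEST             PROTO  DEST PORT(S)  SOURCE PORT(S)  ORIGINAL DEST
DNAT     net     loc:192.168.1.5  tcp    80

# --- Only if LAN clients really must reach the server via the public address (FAQ #2 hack) ---
# /etc/shorewall/rules: match LAN clients whose original destination is the firewall's
# public address (203.0.113.10 is a constructed placeholder)
DNAT     loc     loc:192.168.1.5  tcp    80            -               203.0.113.10

# /etc/shorewall/interfaces: let traffic leave eth1 through the same interface it arrived on
#ZONE   INTERFACE  BROADCAST  OPTIONS
net     eth0       detect
loc     eth1       detect     routeback

# /etc/shorewall/masq: rewrite the LAN client's source to the firewall's LAN address so
# the server's replies come back through the firewall instead of going straight to the client
#INTERFACE  SUBNET           ADDRESS
eth1        192.168.1.0/24   192.168.1.254
```

Split DNS (resolving the server's name to 192.168.1.5 for internal clients) avoids the routeback/masq section entirely, which is why Tom recommends it.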