Menu
▾
▴
Re: [Shorewall-users] 10.x.x.x address going outside the firewall to the address?
|
From: Tom E. <te...@sh...> - 2007-08-16 14:02:32
|
Brad Bendily wrote: > On 8/15/07, David Mohr <dam...@mc...> wrote: >> On 8/15/07, David Mohr <dam...@mc...> wrote: >>> Did you check your masquerading settings? Sounds like that is not >>> turned out for eth4 anymore. >> Of course I meant "turned on" >=20 > Right! >=20 > Well, that's part of the confusion I have. Because on the old system, > everything worked > as needed, so I copied everything exact config to the new system. > Except for the fact that I > upgraded Shorewall. >=20 > I have 3 dmz's each with only one machine behind them. They all > exhibit the same behavior. They are using their own 10.x address when > the source of communicating with machines on the internet starts from > the machine. > So, I didn't change the masq file. But I tried, I put different things > there, but it didn't help. > I also changed the nat file which didn't seem to help either. >=20 > Here is the format of the masq file: > eth0 10.0.0.0/24 x.x.x.123 > eth0 10.0.0.80 x.x.x.117 > eth2 10.1.1.40 x.x.x.97 > #eth4:0 10.1.4.4 x.x.x.113 > eth0 10.0.0.5 x.x.x.118 > eth0 10.0.0.35 x.x.x.118 > eth0 10.0.0.150 x.x.x.118 I think we're going to have to see a 'shorewall dump'. You reported that = the server's IP address was 10.4.4.4 yet that host isn't mentioned in your ma= sq file. So I don't know if you are trying to obfuscate (which just annoys those of us who are trying to help you and delays a solution to your problem) or whether this is the problem. -Tom --=20 Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ te...@sh... PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key |