From: Tom E. <te...@sh...> - 2004-06-28 20:30:25
Alexander Gretencord wrote:
>
> This seems to work to a point, traffic goes out via eth2 and ACKs come back
> but they never make it to eth1 and InternalhostB :( Nothing in the firewall
> logs either and the connection tracking record in /proc/net/ip_conntrack
> looks ok doesn't it?
>
> tcp 6 59 SYN_RECV src=INTERNALHOSTA dst=80.130.222.48 sport=48664 dport=2525
> src=80.130.222.48 dst=192.168.0.142 sport=2525 dport=48664 use=1
>
> Suggestions?

Given that the connection is still in SYN_RECV state, the ACKs coming back
from the NATing router aren't being associated with the above connection.
You need to examine them closely to determine why that is so.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ te...@sh...
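
Added example (not part of the original message or of Shorewall): one way to do the comparison the reply asks for. Netfilter associates a returning packet with a tracked connection only if its addresses and ports equal the entry's reply tuple, so this sketch parses the quoted ip_conntrack line and reports which field of an observed packet differs. The function names and the two sample packets are constructed for illustration; they are not the cause found in this thread.

```python
import re

# Conntrack line quoted in the thread (INTERNALHOSTA is the poster's redaction).
ENTRY = ("tcp 6 59 SYN_RECV src=INTERNALHOSTA dst=80.130.222.48 sport=48664 "
         "dport=2525 src=80.130.222.48 dst=192.168.0.142 sport=2525 "
         "dport=48664 use=1")

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_entry(line):
    """Return (state, original_tuple, reply_tuple) from an ip_conntrack TCP line."""
    fields = line.split()
    tuples = [(s, d, int(sp), int(dp)) for s, d, sp, dp in TUPLE_RE.findall(line)]
    if fields[0] != "tcp" or len(tuples) != 2:
        raise ValueError("not a TCP conntrack entry with two tuples")
    return fields[3], tuples[0], tuples[1]


def classify(packet, entry_line):
    """Say which direction of the entry a (src, dst, sport, dport) packet matches."""
    _, original, reply = parse_entry(entry_line)
    if packet == original:
        return "original"
    if packet == reply:
        return "reply"
    # Not associated with this connection: list the fields that differ
    # from the reply tuple, since the thread is about returning ACKs.
    names = ("src", "dst", "sport", "dport")
    diffs = [f"{n}: saw {p}, reply tuple expects {r}"
             for n, p, r in zip(names, packet, reply) if p != r]
    return "no match (" + "; ".join(diffs) + ")"


if __name__ == "__main__":
    # Constructed packets, as they might be read from a capture on eth2.
    samples = [
        ("80.130.222.48", "192.168.0.142", 2525, 48664),  # equals the reply tuple
        ("80.130.222.48", "192.0.2.10", 2525, 48664),     # constructed mismatch
    ]
    for pkt in samples:
        print(pkt, "->", classify(pkt, ENTRY))
```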