From: Tom E. <te...@sh...> - 2005-10-03 14:16:36
|
Costantino wrote: > I'll try to trick the server by renaming the zip file to .DAT > Just rename it back before un-zipping. You could also use gzip or bzip2. The instructions at http://www.shorewall.net/support.htm clearly tell you to try the failing connection (in your case DNAT) before capturing the output of "shorewall status". Assuming that you did that, the requests are never reaching your firewall (Note the "0" in the "pkts" column below): NAT Table Chain PREROUTING (policy ACCEPT 981K packets, 76M bytes) pkts bytes target prot opt in out source destination 0 0 net_dnat all -- eth0 * 0.0.0.0/0 0.0.0.0/0 Your firewall cannot redirect connections that don't go through it. If you didn't try the failing connection before capturing the "shorewall status" output then, once again, please follow the troubleshooting instructions in FAQs 1a and 2b. Until you are able to see the connection requests reach your firewall, no amount of changing your Shorewall configuration is going to have any effect. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ te...@sh... PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key |