<jgv@FlexsysBelgium.com>
2010-May-11 14:14 UTC
Some problem with forward rule, the destination address is not correct and is thus rejected
Hi all,

The message in the log looks like:

    Mar 2 12:42:15 FlxRouter kernel: [ 989.533384] Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=62.153.x.x DST=192.138.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=17560 DF PROTO=TCP SPT=43759 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0

The problem is that the destination address is wrong and is not specified in any rules. Our internal network is 192.168.1.0 and the forwarding rule on port 25 is 192.168.1.20.

Here are the rules concerned:

    SMTP/DROP:info loc:!192.168.1.5,192.168.1.20 net - 25
    DNAT net loc:192.168.1.20 tcp 25 - 194.78.xx.xx (eth1.0)
    DNAT net loc:192.168.1.5 tcp 25,143,993 - 194.78.xx.xx (eth1.1)
    DNAT net loc:192.168.1.8 tcp 21,25 - 194.78.xx.xx (ath1.2)

"Shorewall show" or "Iptables -L" don't list that address (192.138).

This problem occurs for some source IPs; other sources are working perfectly (meaning we receive mail on 192.168.1.20).

eth1 is the external interface (3 virtual addresses) and eth0 is the internal network. No DMZ. This is a simple two-interface configuration. Version is 4.0.15, Debian package.

I don't know where to look. Can anyone help me?

Thanks in advance,
Jacques
<jgv@FlexsysBelgium.com>
2010-May-11 17:04 UTC
Re: Some problem with forward rule, the destination address is not correct and is thus rejected
My apologies. It was a mistake in a previous configuration.

Regards,
Jacques
Tom Eastep
2010-May-11 17:28 UTC
Re: Some problem with forward rule, the destination address is not correct and is thus rejected
On 5/11/10 10:04 AM, jgv@FlexsysBelgium.com wrote:
> My apologies. It was a mistake in a previous configuration.

Good -- because I had no idea what the problem could be ;-)

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
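
Added example, not part of the thread: a small Python check that parses Shorewall log entries like the one in the first post and flags a FORWARD entry whose DST (the address after any DNAT rewrite) falls outside the internal network or is not one of the DNAT targets in the quoted rules. The /24 netmask and the function names are assumptions; the sample line is the one quoted in the first post.

```python
import ipaddress
import re

# Sample input: the log entry quoted in the first post (source masked as posted).
SAMPLE = (
    "Mar 2 12:42:15 FlxRouter kernel: [ 989.533384] "
    "Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=62.153.x.x "
    "DST=192.138.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=17560 DF "
    "PROTO=TCP SPT=43759 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0"
)

# Assumption: the thread gives the network as 192.168.1.0; a /24 mask is assumed.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
# DNAT targets taken from the rules quoted in the first post.
DNAT_TARGETS = {"192.168.1.20", "192.168.1.5", "192.168.1.8"}
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)$")


def parse_entry(line):
    """Split a Shorewall-prefixed netfilter LOG line into a dict, or None."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    entry = {"chain": m["chain"], "disposition": m["disp"], "flags": []}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if sep:
            entry[key] = value
        else:
            entry["flags"].append(token)  # bare flags such as DF or SYN
    return entry


def audit(entry):
    """Return findings for a FORWARD entry whose DST looks mis-translated."""
    if entry is None or entry["chain"] != "FORWARD":
        return []
    try:
        dst = ipaddress.ip_address(entry.get("DST", ""))
    except ValueError:
        return ["DST missing or masked, cannot check"]
    findings = []
    if dst not in LOCAL_NET:
        findings.append(f"DST {dst} is outside {LOCAL_NET}")
        if entry.get("IN") and entry.get("IN") == entry.get("OUT"):
            findings.append(f"packet routed back out {entry['IN']} (IN == OUT)")
    elif str(dst) not in DNAT_TARGETS:
        findings.append(f"DST {dst} is local but not a DNAT target")
    return findings
```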