thr3ads.net - Shorewall devel - [Shorewall-devel] Problem with DNAT 3 IP''s two NIC [Sep 2004]

If this information is useful, please help other people find it:
Share via:

Johny Hazin

2004-Sep-07 17:53 UTC

[Shorewall-devel] Problem with DNAT 3 IP''s two NIC

Thanks Tom

Sorry, I was wrong, this is the correct question...

I have this configuration:

                                                                         |
Email Server 192.168.0.253                                 |  
___|___         Port 25 SMTP                          ___|____                  
____
| LAN   |-------------------------------------Eth1    -----  |Firewall | ----- 
Eth0       10.10.10.166     |NET |
 | Local |                                     192.168.0.1        |            
Eth0:0    10.10.10.163
                                                                         |
                                                                         |

eth0      Link encap:Ethernet  HWaddr 00:C0:F0:54:DC:1E  
          inet addr:10.10.10.166  Bcast:10.10.10.167  Mask:255.255.255.248
          inet6 addr: fe80::2c0:f0ff:fe54:dc1e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1738708 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1538724 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1130239548 (1077.8 Mb)  TX bytes:248692331 (237.1 Mb)
          Interrupt:15 Base address:0xb000 

eth0:0    Link encap:Ethernet  HWaddr 00:C0:F0:54:DC:1E  
          inet addr:10.10.10.163  Bcast:10.10.10.167  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:15 Base address:0xb000 

eth1      Link encap:Ethernet  HWaddr 00:50:8B:E9:D3:7C  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:8bff:fee9:d37c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1803457 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1783929 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:261270108 (249.1 Mb)  TX bytes:1149310777 (1096.0 Mb)

Eth0  Net Zone (two Ip addresses)
Eth1  Local Zone

OS Fedora 2
Shorewall Version 2.0.7

In Eth1 i have my email server with the private ip 192.168.0.253 and the public
ip is 10.10.10.163, when i do the DNAT i have this:

Sep  5 11:13:55 ns kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT=
MAC=00:c0:f0:54:dc:1e:00:04:27:fd:6c:cb:08:00 SRC=205.240.205.176
DST=10.10.10.163 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=50942 DF PROTO=TCP
SPT=62382 DPT=25 WINDOW=65148 RES=0x00 SYN URGP=0

IN=eth0=OUT ,this is my problem, in and out is same interface. DNAT doesnt
works. I follow this instructions:
http://shorewall.net/Shorewall_and_Aliased_Interfaces.html

My /etc/shorewall/rules is

##########################################################################################################################
#ACTION  SOURCE          DEST                                    PROTO   DEST   
SOURCE     ORIGINAL     RATE            USER/
#                                                                               
PORT                           PORT(S)        DEST         LIMIT           GROUP
REDIRECT        loc            8080                                        tcp  
80                                      -                   -                 - 
-
ACCEPT           all               all                                         
tcp     21,22,23,25,53,80,110         -                   -                  -  
-
DNAT:info         net              loc:192.168.0.253:25               tcp     25
-            10.10.10.163       -                   -

I fixed the column, i copied it wrong.


/etc/shorewall/masq

###############################################################################
#INTERFACE              SUBNET                          ADDRESS                
PROTO   PORT(S)
      eth0                192.168.0.0/255.255.255.0


Thanks

Johny

Tom Eastep

2004-Sep-07 18:21 UTC

head link

[Shorewall-devel] Problem with DNAT 3 IP''s two NIC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Johny Hazin wrote:

<ASCII art and scrambled file copies deleted>

| I fixed the column, i copied it wrong.

Your ASCII art is undecyperable and the rules you posted look just like
what you posted earlier. Plus, your mailer has folded it into a pretzel.

Please follow the DNAT debugging tips given in FAQs 1a and 1b. If you
can''t resolve the problem, please provide the information requested at
http://shorewall.net/support.htm (INCLUDING THE OUTPUT OF "shorewall
status" as an attachment).

HINT: Don''t post in HTML and use a fixed pitch font in your email
composer -- otherwise, what we see is gibberish...

- -Tom

PS -- if you are having problems getting DNAT working, why are you
running the development version of Shorwall (I assume that''s why you
are
posting on the Shorewall Development List with this Newbie problem)?
- --
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBPl6uO/MAbZfjDLIRApIVAJ9KGCol8G77DBifo76klMSif7O6zACfWIl6
yukj3TyhQiaum1pNaGYLEk0=jrGq
-----END PGP SIGNATURE-----

Maybe Matching Threads

Search for more maybe matching threads

Shorewall devel - Sep 2004 - Problem with DNAT 3 IP''s two NIC

[Shorewall-devel] Problem with DNAT 3 IP''s two NIC

[Shorewall-devel] Problem with DNAT 3 IP''s two NIC

Maybe Matching Threads