Jonathan Angliss wrote:
>
>
> An update on this... Followed instructions from 1a, and 1b... after
> resetting the counters, I watched... the rules that involved sending
> the one outside IP to 2 different inside (webmail going to port 80 on
> box 1, and smtp going to port 25 on box 2) seemed to still be in
> operation, but the other rules have started to fail...
*fail?* -- So you are seeing the DNAT rule counters incrementing but the
ACCEPT rule counters are not?
> On checking, they are showing a 0 count for the packets received, regardless of how
> often I try... This suggests (based on the docs) that my ISP is
> blocking it, my dnat rule doesn't match, or I don't have origdest
> set... none of which apply because they worked 5 mins before.
> Restoring the rules back to the smtp forward going directly to the
> exchange server resolves the issue... this is driving me crazy... any
> other ideas? Log files don't even trigger anything on failure (at
> either end), and it's more than just one external location that fails
> too, tested from 5 different outside locations.
>
tcpdump/ethereal is your friend --
You can also post the output of 'shorewall status' as a text attachment
after the next failure. Point out which counters you think are still
incrementing and which aren't.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
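An added example, not code from the thread or from the Shorewall project, of the counter comparison Tom asks for: it parses two `iptables -nvL`-style snapshots (the layout `shorewall status` dumps), one taken right after a counter reset and one after the next failed test, and reports DNAT rules whose packet count rose while no ACCEPT rule for the forwarded inside host and port moved. Chain names, addresses and counts below are constructed.

```python
import re

# Constructed snapshots in `iptables -nvL` layout; hypothetical chains, hosts and counts.
BEFORE = """\
Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
    10   600 DNAT       tcp  --  eth0   *       0.0.0.0/0            203.0.113.10         tcp dpt:25 to:192.168.1.2:25
    40  2400 DNAT       tcp  --  eth0   *       0.0.0.0/0            203.0.113.10         tcp dpt:80 to:192.168.1.1:80

Chain net2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination
    10   600 ACCEPT     tcp  --  eth0   eth1    0.0.0.0/0            192.168.1.2          tcp dpt:25
    40  2400 ACCEPT     tcp  --  eth0   eth1    0.0.0.0/0            192.168.1.1          tcp dpt:80
"""
# After the next failed smtp test: the port-25 DNAT rule matched packets, its ACCEPT rule did not;
# the webmail pair (port 80) moved together, as the thread describes.
AFTER = (BEFORE.replace("    10   600 DNAT", "    15   900 DNAT")
               .replace("    40  2400 DNAT", "    52  3120 DNAT")
               .replace("    40  2400 ACCEPT", "    52  3120 ACCEPT"))

RULE_RE = re.compile(r"^\s*(\d+[KMG]?)\s+(\d+[KMG]?)\s+(\S+)\s+(.*)$")
SUFFIX = {"K": 1000, "M": 1000**2, "G": 1000**3}

def to_int(s):
    """iptables abbreviates large counters (12K, 3M) unless run with -x."""
    return int(s[:-1]) * SUFFIX[s[-1]] if s[-1] in SUFFIX else int(s)

def parse_counters(dump):
    """Map (chain, normalised rule text) -> packet count for every rule line."""
    counters, chain = {}, None
    for line in dump.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
        elif chain and (m := RULE_RE.match(line)):  # header and blank lines do not match
            pkts, _bytes, target, rest = m.groups()
            counters[(chain, target + " " + " ".join(rest.split()))] = to_int(pkts)
    return counters

def counter_deltas(before, after):
    """Packets each rule matched between the two snapshots (new rules count from 0)."""
    b, a = parse_counters(before), parse_counters(after)
    return {k: v - b.get(k, 0) for k, v in a.items()}

def stalled_forwards(before, after):
    """'to:' targets of DNAT rules that matched new packets while no ACCEPT rule
    for that inside host and port did, i.e. the counter pattern Tom asks about."""
    deltas, stalled = counter_deltas(before, after), []
    for (_chain, rule), delta in deltas.items():
        m = re.search(r"\bdpt:(\d+) to:(\S+?):(\d+)$", rule)
        if not rule.startswith("DNAT ") or delta <= 0 or not m:
            continue
        host, port = m.group(2), m.group(3)
        accepted = any(r.startswith("ACCEPT ") and host in r.split()
                       and re.search(rf"\bdpt:{port}\b", r) and d > 0
                       for (_, r), d in deltas.items())
        if not accepted:
            stalled.append(f"{host}:{port}")
    return stalled

if __name__ == "__main__":
    for (chain, rule), d in counter_deltas(BEFORE, AFTER).items():
        print(f"{d:>5}  {chain}  {rule}")
    print("DNAT targets whose ACCEPT rule saw nothing:", stalled_forwards(BEFORE, AFTER))
```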