Hi! Shorewall Users

I am trying to configure my shorewall to access my local webserver (smtp, pop3 and https)

Below are my shorewall rules. In my shorewall server I just have 2 NICs

# MITEL Server
DNAT net loc:192.168.118.171 tcp 25 - 211.24.146.52
DNAT net loc:192.168.118.171 tcp 110 - 211.24.146.52
DNAT net loc:192.168.118.171 tcp 443 - 211.24.146.52

Below is the error message

Sep 24 10:44:57 netgw kernel: Shorewall:newnotsyn:DROP:IN=eth1 OUT=eth0 SRC=192.168.118.171 DST=66.7.159.166 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=45422 DF PROTO=TCP SPT=2337 DPT=80 WINDOW=31856 RES=0x00 ACK FIN URGP=0

Best regards,
Support

As the log shows, this is a connection that's initiated from 192.168.118.171 destined to 66.7.159.166 on TCP port 80, which is http. You don't have port 80 specified.

From what you're wanting to do and the log snippet that you've sent I can only guess that you sent the wrong log snippet.

If I try and get to https://211.241.146.52

An error occured while loading https://211.24.146.52:

Timeout on server
Connection was to 211.24.146.52 at port 443

Hi! Joshua ..

Thanks for your reply ... is it that I have to add PORT 80 at my shorewall ?

Best regards,
Support

----- Original Message -----
From: "Joshua Banks" <l0f33t@yahoo.com>
To: "Shorewall Users Mailing List" <shorewall-users@lists.shorewall.net>
Sent: Wednesday, September 24, 2003 11:22 AM
Subject: Re: [Shorewall-users] shorewall redirect to local server

On Wed, 24 Sep 2003, Support wrote:
> Thanks for your reply ... is it that I have to add PORT 80 at my shorewall ?

Very difficult to say.

You have shown us three rules.

You have shown us a log message -- the log message is unrelated to the three rules.

You have NOT said what isn't working.

You have NOT shown us your /etc/shorewall/interfaces file so we have to guess what the log message means in terms of your network setup.

You have not followed the instructions at http://shorewall.net/support.htm for submitting a problem report (especially the part of those instructions marked with "This is Important" on bold red font).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
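
The comparison made in the reply above, worked through as an added example (not code from the thread or from Shorewall): it parses the posted log line and the three DNAT rules and checks whether the dropped packet could have been handled by any of them. The function names are this example's own; the rule columns are read as ACTION, SOURCE, DEST, PROTO, DEST PORT, SOURCE PORT, ORIGINAL DEST.

```python
import re

# Log line and rules copied from the first message in this thread.
LOG = ("Sep 24 10:44:57 netgw kernel: Shorewall:newnotsyn:DROP:IN=eth1 OUT=eth0 "
       "SRC=192.168.118.171 DST=66.7.159.166 LEN=52 TOS=0x00 PREC=0x00 TTL=63 "
       "ID=45422 DF PROTO=TCP SPT=2337 DPT=80 WINDOW=31856 RES=0x00 ACK FIN URGP=0")
RULES = """\
DNAT net loc:192.168.118.171 tcp 25 - 211.24.146.52
DNAT net loc:192.168.118.171 tcp 110 - 211.24.146.52
DNAT net loc:192.168.118.171 tcp 443 - 211.24.146.52
"""
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")

def parse_log(line):
    """Split a Shorewall kernel log line into chain, disposition, fields and TCP flags."""
    m = re.search(r"Shorewall:([^:]+):([^:]+):(.*)", line)
    if not m:
        raise ValueError("not a Shorewall log line")
    chain, disposition, rest = m.groups()
    tokens = rest.split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = [t for t in tokens if t in TCP_FLAGS]  # bare tokens such as ACK, FIN
    return {"chain": chain, "disposition": disposition, "flags": flags, **fields}

def parse_rules(text):
    """Parse the seven-column DNAT rules into server, protocol, port and public address."""
    rules = []
    for parts in (l.split() for l in text.splitlines()):
        if len(parts) == 7 and parts[0] == "DNAT":
            rules.append({"server": parts[2].split(":", 1)[1], "proto": parts[3],
                          "dport": parts[4], "orig_dest": parts[6]})
    return rules

def matching_rules(pkt, rules):
    """A DNAT rule covers a packet sent to the public address on the rule's port."""
    return [r for r in rules
            if pkt["PROTO"].lower() == r["proto"]
            and pkt["DST"] == r["orig_dest"] and pkt["DPT"] == r["dport"]]

def summarize(line=LOG, rules_text=RULES):
    pkt, rules = parse_log(line), parse_rules(rules_text)
    return {"packet": pkt,
            "from_server": pkt["SRC"] in {r["server"] for r in rules},
            "matches": matching_rules(pkt, rules),
            "non_syn": "SYN" not in pkt["flags"]}

if __name__ == "__main__":
    print(summarize())
```

For the posted line the result shows a packet sent by the DNAT target itself to 66.7.159.166 port 80, carrying ACK FIN and no SYN, with no matching DNAT rule.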

Hi! Tom

Thanks a lot .. my shorewall now is working fine.

Thanks for your HELP

Best Regards,
Support

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Shorewall Users Mailing List" <shorewall-users@lists.shorewall.net>
Sent: Wednesday, September 24, 2003 12:30 PM
Subject: Re: [Shorewall-users] shorewall redirect to local server