Crazy Rider
2003-Aug-18 13:05 UTC
[Shorewall-users] Major problem with static NAT ..i am desperate.
Hey Tom,

Paul Seniuk here again... I am having a big issue with static NAT ...

All my nat entries are not forwarding traffic to the appropriate internal hosts.

Here is /etc/shorewall/nat:

216.x.x.23 eth0:0 192.168.3.5 no no
216.x.x.19 eth0:1 192.168.3.3 no no
216.x.x.21 eth0:2 192.168.3.1 no no
216.x.x.22 eth0:3 192.168.3.2 no no
216.x.x.24 eth0:4 192.168.3.4 no no

Here is /etc/shorewall/rules:

ACCEPT net loc:192.168.3.5 tcp 22
ACCEPT net loc:192.168.3.5 tcp 80
################ ENROLNET SERVICES ##################################
ACCEPT net loc:192.168.3.2 tcp 25
ACCEPT net loc:192.168.3.2 tcp 22
ACCEPT net loc:192.168.3.2 udp 53
ACCEPT net loc:192.168.3.2 tcp 110
ACCEPT net loc:192.168.3.2 tcp 80
ACCEPT net loc:192.168.3.2 tcp 443
ACCEPT net loc:192.168.3.2 tcp 5729
ACCEPT net loc:192.168.3.2 tcp 143
ACCEPT net loc:192.168.3.1 tcp 443
################# ENROLNET SERVICES################################
################ FREESTYLE NETWORKS ##############################
ACCEPT net loc:192.168.3.3 tcp 22
ACCEPT net loc:192.168.3.3 tcp 25
ACCEPT net loc:192.168.3.3 tcp 53
ACCEPT net loc:192.168.3.3 tcp 110
ACCEPT net loc:192.168.3.3 tcp 80
ACCEPT net loc:192.168.3.3 tcp 443
ACCEPT net loc:192.168.3.3 tcp 5729
ACCEPT net loc:192.168.3.3 tcp 143
################# FREESTYLE NETWORKS #################################
######################## THINKTEL ################################
ACCEPT net loc:192.168.3.4 tcp 25
ACCEPT net loc:192.168.3.4 tcp 110
ACCEPT net loc:192.168.3.4 tcp 80
ACCEPT net loc:192.168.3.4 tcp 443
ACCEPT net loc:192.168.3.4 tcp 5729
ACCEPT net loc:192.168.3.4 tcp 143

Basically, no traffic is getting across to the internal hosts. If I try and ssh to 216.x.x.23, I get the ssh prompt for the firewall system itself!

I am not getting anything unusual in the dropped/rejected either .....
The last time this happened (when you changed accounting), I simply restarted my firewall, and the nat entry worked fine; however, this time it is not working :(

I have no idea what is going on here.. Please Help.

Pauly.
Tom Eastep
2003-Aug-18 13:30 UTC
[Shorewall-users] Major problem with static NAT ..i am desperate.
On Mon, 2003-08-18 at 13:05, Crazy Rider wrote:
> Hey Tom,
>
> Paul Seniuk here again... I am having a big issue with static NAT ...
>
> All my nat entries are not forwarding traffic to the appropriate internal
> hosts.
>
> Here is /etc/shorewall/nat:
>
> 216.x.x.23 eth0:0 192.168.3.5 no no
> 216.x.x.19 eth0:1 192.168.3.3 no no
> 216.x.x.21 eth0:2 192.168.3.1 no no
> 216.x.x.22 eth0:3 192.168.3.2 no no
> 216.x.x.24 eth0:4 192.168.3.4 no no
>
> Here is /etc/shorewall/rules:
>
> ACCEPT net loc:192.168.3.5 tcp 22
> ACCEPT net loc:192.168.3.5 tcp 80
> ################ ENROLNET SERVICES ##################################
> ACCEPT net loc:192.168.3.2 tcp 25
> ACCEPT net loc:192.168.3.2 tcp 22
> ACCEPT net loc:192.168.3.2 udp 53
> ACCEPT net loc:192.168.3.2 tcp 110
> ACCEPT net loc:192.168.3.2 tcp 80
> ACCEPT net loc:192.168.3.2 tcp 443
> ACCEPT net loc:192.168.3.2 tcp 5729
> ACCEPT net loc:192.168.3.2 tcp 143
> ACCEPT net loc:192.168.3.1 tcp 443
> ################# ENROLNET SERVICES################################
> ################ FREESTYLE NETWORKS ##############################
> ACCEPT net loc:192.168.3.3 tcp 22
> ACCEPT net loc:192.168.3.3 tcp 25
> ACCEPT net loc:192.168.3.3 tcp 53
> ACCEPT net loc:192.168.3.3 tcp 110
> ACCEPT net loc:192.168.3.3 tcp 80
> ACCEPT net loc:192.168.3.3 tcp 443
> ACCEPT net loc:192.168.3.3 tcp 5729
> ACCEPT net loc:192.168.3.3 tcp 143
> ################# FREESTYLE NETWORKS #################################
> ######################## THINKTEL ################################
> ACCEPT net loc:192.168.3.4 tcp 25
> ACCEPT net loc:192.168.3.4 tcp 110
> ACCEPT net loc:192.168.3.4 tcp 80
> ACCEPT net loc:192.168.3.4 tcp 443
> ACCEPT net loc:192.168.3.4 tcp 5729
> ACCEPT net loc:192.168.3.4 tcp 143
>
>
> Basically, no traffic is getting across to the internal hosts. If I try and
> ssh to 216.x.x.23, I get the
> ssh prompt for the firewall system itself!
>
> I am not getting anything unusual in the dropped/rejected either ...

Where are you connecting from?

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
Tom Eastep
2003-Aug-18 15:17 UTC
[Shorewall-users] Major problem with static NAT ..i am desperate.
On Mon, 2003-08-18 at 13:30, Tom Eastep wrote:
> .
>
> Where are you connecting from?

Paul reports in a private email that the problem was due to a faulty switch configuration.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net