Greetings,
These innocent-looking rules:

> DNAT fw dmz:192.168.1.102 udp domain - 64.XX.XX.XX
> DNAT fw dmz:192.168.1.102 tcp domain - 64.XX.XX.XX

are creating this error:

> iptables v1.2.6a: host/network `addr' not found
> Try `iptables -h' or 'iptables --help' for more information.

With those rules commented out, everything works fine; with those rules
in place, shorewall stops restarting when it processes them.
In the masq file, there is this:

> eth2 192.168.1.101 64.XX.XX.XX

and in the rules file this:

> DNAT loc dmz:192.168.1.101 tcp www,pop3,smtp,ssh,ftp - 64.XX.XX.XX
> DNAT dmz dmz:192.168.1.101 tcp www,pop3,smtp,ssh,ftp - 64.XX.XX.XX
> DNAT net dmz:192.168.1.101 tcp www,pop3,smtp,ssh,ftp - 64.XX.XX.XX
> DNAT net dmz:192.168.1.102 udp domain - 64.XX.XX.XX
> DNAT net dmz:192.168.1.102 tcp domain - 64.XX.XX.XX
> DNAT loc dmz:192.168.1.102 udp domain - 64.XX.XX.XX
> DNAT loc dmz:192.168.1.102 tcp domain - 64.XX.XX.XX
> DNAT dmz dmz:192.168.1.102 udp domain - 64.XX.XX.XX
> DNAT dmz dmz:192.168.1.102 tcp domain - 64.XX.XX.XX

The idea is to DNAT all DNS traffic directed to that external IP to
192.168.1.102, but send all other traffic to 192.168.1.101. With the
current rules, this works fine, but if I add the DNAT rule with "fw" in
the source column I can't start shorewall. I really need the firewall
to be able to access the DNS server using the external IP. Suggestions?

The whole setup is actually a bit more complicated; there are actually
several external IPs, and a lot more stuff in the rules file, but I've
only pasted rules that relate to the specific hosts I'm having the
problem with.

TIA,
~leif
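A small rules-file checker, added here as an example and not part of leif's post or of Shorewall itself. It parses DNAT lines in the column layout shown above (ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT ORIGINAL-DEST) and reports two things a practitioner would want flagged before restarting the firewall: a DNAT rule whose SOURCE is the firewall, since packets the firewall generates itself never pass the nat PREROUTING chain where inbound DNAT is applied and so need separate handling in nat OUTPUT; and two rules that send the same external IP, protocol and port to different DMZ hosts, which would defeat the "DNS to .102, everything else to .101" intent. The sample rules are constructed to mirror the post, with the poster's masked `64.XX.XX.XX` kept as a placeholder, and one deliberately conflicting line appended.

```python
"""Lint Shorewall-style DNAT rule lines.

Added example, not the poster's configuration or Shorewall code. It flags
(a) DNAT rules whose SOURCE is the firewall itself and (b) conflicting
targets for the same external IP/proto/port.
"""
from collections import defaultdict

# Constructed sample in the post's column order:
#   ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT ORIGINAL-DEST
# 64.XX.XX.XX is the masked public address from the post, kept as a placeholder.
# The last line is a deliberate conflict with the "tcp domain -> .102" rule.
SAMPLE_RULES = """
DNAT loc dmz:192.168.1.101 tcp www,pop3,smtp,ssh,ftp - 64.XX.XX.XX
DNAT net dmz:192.168.1.101 tcp www,pop3,smtp,ssh,ftp - 64.XX.XX.XX
DNAT net dmz:192.168.1.102 udp domain - 64.XX.XX.XX
DNAT net dmz:192.168.1.102 tcp domain - 64.XX.XX.XX
DNAT fw dmz:192.168.1.102 udp domain - 64.XX.XX.XX
DNAT net dmz:192.168.1.101 tcp domain - 64.XX.XX.XX
"""


def parse_rule(line):
    """Split one rules-file line into named fields.

    Returns None for blank lines, comments and non-DNAT actions. Missing
    trailing columns are treated as "-" (the rules-file wildcard).
    """
    fields = line.split("#", 1)[0].split()
    if len(fields) < 4 or fields[0] != "DNAT":
        return None
    fields += ["-"] * (7 - len(fields))
    _action, source, dest, proto, dport, sport, origdest = fields[:7]
    zone, _, host = dest.partition(":")
    return {"source": source, "dest_zone": zone, "dest_host": host or None,
            "proto": proto, "dport": dport, "sport": sport, "origdest": origdest}


def nat_chain_for(source):
    """Packets that arrive on an interface are DNAT'd in nat PREROUTING.

    Packets the firewall generates itself skip PREROUTING entirely and only
    pass nat OUTPUT, so a "fw" (or "$FW") source cannot share the inbound
    DNAT rule.
    """
    return "OUTPUT" if source in ("fw", "$FW") else "PREROUTING"


def lint_rules(text):
    """Return a list of (line_number, kind, message) findings for the rules text.

    The conflict check assumes, as the post's intent states, that a given
    external IP/proto/port should map to one internal host regardless of
    which zone the traffic comes from.
    """
    findings = []
    targets = defaultdict(set)  # (origdest, proto, port) -> {(line, dest_host)}
    for lineno, raw in enumerate(text.splitlines(), 1):
        rule = parse_rule(raw)
        if rule is None:
            continue
        if nat_chain_for(rule["source"]) == "OUTPUT":
            findings.append((lineno, "fw-source",
                             "DNAT from the firewall itself needs nat OUTPUT, "
                             "not PREROUTING: " + raw.strip()))
        for port in rule["dport"].split(","):
            targets[(rule["origdest"], rule["proto"], port)].add(
                (lineno, rule["dest_host"]))
    for key, hits in sorted(targets.items()):
        hosts = {host for _, host in hits}
        if len(hosts) > 1:
            lines = sorted(line for line, _ in hits)
            findings.append((lines[-1], "conflict",
                             "%s %s/%s is DNAT'd to %s (lines %s)"
                             % (key[0], key[1], key[2], sorted(hosts), lines)))
    return findings


if __name__ == "__main__":
    for lineno, kind, message in lint_rules(SAMPLE_RULES):
        print("line %d [%s]: %s" % (lineno, kind, message))
```

Run against a real rules file with `lint_rules(open("/etc/shorewall/rules").read())`; only the DNAT lines are inspected, everything else is ignored.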