Shorewall users - Dec 2003 - dropped traffic?

I have a redhat 9 machine with three nics/zones. On eth0 I have 20 IP''s
attached . Every IP is DNAT''ed on various ports to various machines on
the
dmz. Today I tried to bring up a webserver on the 20th secondary address
attached to eth0. If I attach a packet sniffers to each nic, I can see my
test traffic on eth0, but it is not being passed to the dmz, nor loc, nor is
it being logged. I have an IP on my loc nic dnated to the same webserver and
it works fine. My Policy is reject everywhere with info. My rules are 
 
 DNAT:info    net     dmz:192.168.5.11 tcp     80      -      12.45.241.220
DNAT:info    loc     dmz:192.168.5.11 tcp     80      -      10.5.75.228
(works)
 
Everything else on this firewall appears to work fine. I enabled icmp on the
IP address, pinged it from the net side, and the NIC that responded had the
correct MAC address. Any ideas where else to look?
Thanks for your time!

On Tue, 2003-12-02 at 09:54, Steve Postma wrote:
>  My rules are 
>  
>  DNAT:info    net     dmz:192.168.5.11 tcp     80      -      12.45.241.220
> DNAT:info    loc     dmz:192.168.5.11 tcp     80      -      10.5.75.228
> (works)
>  
> Everything else on this firewall appears to work fine. I enabled icmp on
the
> IP address, pinged it from the net side, and the NIC that responded had the
> correct MAC address. Any ideas where else to look?
Have you tried the port-forwarding troubleshooting tips in FAQs 1a and
1b?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net