Hello all,

I've been using shorewall as firewall for as long as a year and I am loving it!! You guys are great!

But lately I've found a dilemma! I need to establish a One-to-One NAT thru a shorewall firewall (version 1.2 - Debian stable release).

Everything configured as the manual says... But when accessing from the outside to the 1to1 NATed IP the system logs:

Mar 16 13:25:33 sa-03 kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=171.171.171.145 DST=192.168.0.11 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=35079 SEQ=0

I'll paste my config below... If anyone can help me...

Thx all!!!

Frederico Costa
Rio de Janeiro
Brazil

PS: The internet connection is made thru an ADSL modem and the 1to1 NAT must exit thru another connection (to a service provider) thru the eth1 interface

/etc/shorewall/zones
#ZONE   DISPLAY    COMMENTS
net     Net        Internet
loc     Local      Local networks
pro     Provider   Provider network

#ZONE   INTERFACE   BROADCAST   OPTIONS
net     ppp0        detect      noping,routestopped,dhcp
loc     eth0        detect      routestopped
pro     eth1        detect

/etc/shorewall/nat
#EXTERNAL         INTERFACE   INTERNAL       ALL INTERFACES   LOCAL
171.171.171.141   eth1        192.168.0.11   no               no

/etc/shorewall/shorewall.conf
ADD_IP_ALIASES="yes"

/etc/shorewall/masq
#INTERFACE   SUBNET           ADDRESS
ppp0         eth0
eth1         192.168.0.0/24

/etc/shorewall/rules
#RESULT   CLIENT(S)   SERVER(S)          PROTO   PORT(S)   CLIENT PORT(S)   ADDRESS
ACCEPT    pro         loc:192.168.0.11   icmp    8

On Wed, 17 Mar 2004, Frederico Costa wrote:

>
> Hello all,
>
> I've been using shorewall as firewall for as long as a year and I am
> loving it!! You guys are great!
>
> But lately I've found a dilemma! I need to establish a One-to-One NAT thru
> a shorewall firewall (version 1.2 - Debian stable release).

I'm sorry -- 1.2 has been unsupported for over a year -- see the Shorewall FAQ.

Perhaps someone else on the list can help....

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Thu, 2004-03-18 at 04:25, Tom Eastep wrote:

> > But lately I've found a dilemma! I need to establish a One-to-One NAT thru
> > a shorewall firewall (version 1.2 - Debian stable release).
>
> I'm sorry -- 1.2 has been unsupported for over a year -- see the Shorewall
> FAQ.
>
> Perhaps someone else on the list can help....

Frederico, get the latest 1.4.x Shorewall from http://www.backports.org/

Petr

Tom,

Thanks... I've got a backport for debian (1.4) and it's working 1000% now...

Thanks again for the excellent software!!!

Regards,

Frederico Costa

On Thu, 2004-03-18 at 00:25, Tom Eastep wrote:

> On Wed, 17 Mar 2004, Frederico Costa wrote:
>
> >
> > Hello all,
> >
> > I've been using shorewall as firewall for as long as a year and I am
> > loving it!! You guys are great!
> >
> > But lately I've found a dilemma! I need to establish a One-to-One NAT thru
> > a shorewall firewall (version 1.2 - Debian stable release).
>
> I'm sorry -- 1.2 has been unsupported for over a year -- see the Shorewall
> FAQ.
>
> Perhaps someone else on the list can help....
>
> -Tom
> --
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net