Dariusz Sapalski wrote:
> Hello !
>
> I have router/firewall box with 2 NICs. One for the internet
> and one for local network. So far so good :). On the internet
> NIC there are two public IPs bound to it. One for email and one
> for WWW server. IP for email server is aliased one (eth0:0).
> The problem is that this IP (aliased) is not visible from the internet.
>
> It doesn't respond to ping (host unreachable) or SMTP requests while
> first (WWW) IP works ok.
If you "shorewall clear" is this still the case? If so, then your
problem has nothing to do with Shorewall.
> I tried to bind SMTP service to the aliased
> IP with $FW:xxx.xxx.xxx.xxx command in rules file but it doesn't
> work.
If you don't show us *exactly* what you've tried, we
can't comment.
>
> Outgoing mail server works fine. The strange thing is that on my
> previous machine everything worked fine when I added two entries to
> hosts conf:
>
> net eth0:xxx.xxx.xxx.aaa # ip www server
> net eth0:xxx.xxx.xxx.bbb # ip smtp server
> but now it unfortunately doesn't work.
Those entries would never have had any positive effect on any
version of Shorewall on any system.
> The second strange thing is that
> there are no dropped packets in log file directed to SMTP port.
> In fact there are no dropped packets to the aliased IP at all.
>
> HELP !
>
Is the eth0:0 address an address that previously was used by another
system connected directly to the internet? If so, you may have a
stale ARP cache problem (This problem is described in the Proxy ARP and
one-to-one NAT documentation).
In addition to testing that you still can't ping the IP address when
Shorewall is turned off (shorewall clear), please read
http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html -- it
should provide you with the information that you need.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net