I have followed the instructions at http://shorewall.net/FAQ.htm#faq2
along with some coaching on IRC from _Omache to get a machine (with IP
address 66.93.22.233) to forward all port 25 traffic to another host in
my network (with IP 66.93.22.254). This has not worked. I have tested
by trying `telnet 66.93.22.233 25`, expecting to see the SMTP banner on
66.93.22.254. Of course, I don't see the banner.

However, as the tcpdump output shows, the packets are, in fact, arriving
at 66.93.22.233, they just never leave.

If there is anything else I can do to help determine if this is a real bug,
please let me know.

-Roberto

-- 
Roberto C. Sanchez
http://familiasanchez.net/~roberto

On Tuesday 14 March 2006 18:59, Roberto C. Sanchez wrote:
> I have followed the instructions at http://shorewall.net/FAQ.htm#faq2
> along with some coaching on IRC from _Omache to get a machine (with IP
> address 66.93.22.233) to forward all port 25 traffic to another host in
> my network (with IP 66.93.22.254). This has not worked. I have tested
> by trying `telnet 66.93.22.233 25`, expecting to see the SMTP banner on
> 66.93.22.254. Of course, I don't see the banner.
>
> However, as the tcpdump output shows, the packets are, in fact, arriving
> at 66.93.22.233, they just never leave.
>
> If there is anything else I can do to help determine if this is a real bug,
> please let me know.

Your DNAT rule was backwards.

You had:

    DNAT net net:66.93.22.233 tcp net - 66.93.22.254

You wanted:

    DNAT net net:66.93.22.254 tcp net - 66.93.22.233

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Tuesday 14 March 2006 19:07, Tom Eastep wrote:
> On Tuesday 14 March 2006 18:59, Roberto C. Sanchez wrote:
> > I have followed the instructions at http://shorewall.net/FAQ.htm#faq2
> > along with some coaching on IRC from _Omache to get a machine (with IP
> > address 66.93.22.233) to forward all port 25 traffic to another host in
> > my network (with IP 66.93.22.254). This has not worked. I have tested
> > by trying `telnet 66.93.22.233 25`, expecting to see the SMTP banner on
> > 66.93.22.254. Of course, I don't see the banner.
> >
> > However, as the tcpdump output shows, the packets are, in fact, arriving
> > at 66.93.22.233, they just never leave.
> >
> > If there is anything else I can do to help determine if this is a real bug,
> > please let me know.
>
> Your DNAT rule was backwards.
>
> You had:
>
>     DNAT net net:66.93.22.233 tcp net - 66.93.22.254
>
> You wanted:
>
>     DNAT net net:66.93.22.254 tcp net - 66.93.22.233
>

Please ignore the above -- I will take more time and respond tomorrow.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Tuesday 14 March 2006 18:59, Roberto C. Sanchez wrote:
> I have followed the instructions at http://shorewall.net/FAQ.htm#faq2
> along with some coaching on IRC from _Omache to get a machine (with IP
> address 66.93.22.233) to forward all port 25 traffic to another host in
> my network (with IP 66.93.22.254). This has not worked. I have tested
> by trying `telnet 66.93.22.233 25`, expecting to see the SMTP banner on
> 66.93.22.254. Of course, I don't see the banner.
>
> However, as the tcpdump output shows, the packets are, in fact, arriving
> at 66.93.22.233, they just never leave.
>
> If there is anything else I can do to help determine if this is a real bug,
> please let me know.

/proc

    /proc/version = Linux version 2.6.12.6-xen (root@pc1) (gcc version 3.3.5 (Debian 1:3.3.5-13)) #1 SMP Thu Feb 2 08:00:47 UTC 2006
    /proc/sys/net/ipv4/ip_forward = 0 <=======================================
    /proc/sys/net/ipv4/icmp_echo_ignore_all = 0

You did not enable IP forwarding on the system. You need to set
IP_FORWARD=Yes in shorewall.conf.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Tuesday 14 March 2006 19:32, Tom Eastep wrote:
> On Tuesday 14 March 2006 18:59, Roberto C. Sanchez wrote:
> > I have followed the instructions at http://shorewall.net/FAQ.htm#faq2
> > along with some coaching on IRC from _Omache to get a machine (with IP
> > address 66.93.22.233) to forward all port 25 traffic to another host in
> > my network (with IP 66.93.22.254). This has not worked. I have tested
> > by trying `telnet 66.93.22.233 25`, expecting to see the SMTP banner on
> > 66.93.22.254. Of course, I don't see the banner.
> >
> > However, as the tcpdump output shows, the packets are, in fact, arriving
> > at 66.93.22.233, they just never leave.
> >
> > If there is anything else I can do to help determine if this is a real bug,
> > please let me know.
>
> /proc
>
>     /proc/version = Linux version 2.6.12.6-xen (root@pc1) (gcc version 3.3.5 (Debian 1:3.3.5-13)) #1 SMP Thu Feb 2 08:00:47 UTC 2006
>     /proc/sys/net/ipv4/ip_forward = 0 <=======================================
>     /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
>
> You did not enable IP forwarding on the system. You need to set
> IP_FORWARD=Yes in shorewall.conf.

Make that IP_FORWARDING=Yes...

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Tuesday 14 March 2006 19:39, Tom Eastep wrote:
> On Tuesday 14 March 2006 19:32, Tom Eastep wrote:
> > On Tuesday 14 March 2006 18:59, Roberto C. Sanchez wrote:
> > > I have followed the instructions at http://shorewall.net/FAQ.htm#faq2
> > > along with some coaching on IRC from _Omache to get a machine (with IP
> > > address 66.93.22.233) to forward all port 25 traffic to another host in
> > > my network (with IP 66.93.22.254). This has not worked. I have tested
> > > by trying `telnet 66.93.22.233 25`, expecting to see the SMTP banner on
> > > 66.93.22.254. Of course, I don't see the banner.
> > >
> > > However, as the tcpdump output shows, the packets are, in fact,
> > > arriving at 66.93.22.233, they just never leave.
> > >
> > > If there is anything else I can do to help determine if this is a real
> > > bug, please let me know.
> >
> > /proc
> >
> >     /proc/version = Linux version 2.6.12.6-xen (root@pc1) (gcc version 3.3.5 (Debian 1:3.3.5-13)) #1 SMP Thu Feb 2 08:00:47 UTC 2006
> >     /proc/sys/net/ipv4/ip_forward = 0 <=======================================
> >     /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
> >
> > You did not enable IP forwarding on the system. You need to set
> > IP_FORWARD=Yes in shorewall.conf.
>
> Make that IP_FORWARDING=Yes...

Sigh -- I should have waited until tomorrow morning -- should be
"IP_FORWARDING=On".

Good Night Gracie...

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
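
The check that the replies above converge on, as an added example that is not part of the original thread: a shell function that compares the IP_FORWARDING setting in a shorewall.conf-style file with the kernel's ip_forward value and names the likely cause. The function names, verdict words and sample file contents are constructed for illustration; Off and Keep are the other values Shorewall documents for this option, and both file paths are passed in as arguments.

```shell
#!/bin/sh
# Added example (not from the thread): explain why DNAT'd packets arrive but
# are never forwarded. File paths are arguments so copies can be checked.

# Print the last uncommented IP_FORWARDING value in a shorewall.conf-style file.
conf_ip_forwarding() {
    sed -n 's/^[[:space:]]*IP_FORWARDING=\([^#[:space:]]*\).*/\1/p' "$1" |
        tail -n 1 | tr -d "\"'" | tr '[:upper:]' '[:lower:]'
}

# diagnose_forwarding CONF PROCFILE -> prints one verdict word.
diagnose_forwarding() {
    setting=$(conf_ip_forwarding "$1")
    kernel=$(cat "$2" 2>/dev/null || echo unknown)
    case $setting in
        on)
            # Shorewall enables forwarding at start; 0 here means not (re)started.
            if [ "$kernel" = 1 ]; then echo ok; else echo restart-needed; fi ;;
        keep)
            # Shorewall leaves the kernel value alone; something else must set it.
            if [ "$kernel" = 1 ]; then echo ok; else echo kernel-off; fi ;;
        off)
            echo disabled-by-config ;;
        "")
            # The misnamed option from the thread does not set IP_FORWARDING.
            if grep -q '^[[:space:]]*IP_FORWARD=' "$1"; then
                echo wrong-option-name
            else
                echo not-set
            fi ;;
        *)
            echo invalid-value ;;   # e.g. Yes instead of On
    esac
}

# Constructed sample: the state seen in the thread's /proc dump, after the fix
# was written to the config but before Shorewall was restarted.
demo() {
    d=$(mktemp -d)
    printf 'STARTUP_ENABLED=Yes\nIP_FORWARDING=On  # was unset\n' > "$d/shorewall.conf"
    echo 0 > "$d/ip_forward"
    diagnose_forwarding "$d/shorewall.conf" "$d/ip_forward"
    rm -rf "$d"
}
demo
```

On a live firewall the second argument would be /proc/sys/net/ipv4/ip_forward and the first the shorewall.conf in use.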

Tom Eastep wrote:
> On Tuesday 14 March 2006 19:39, Tom Eastep wrote:
>
>>On Tuesday 14 March 2006 19:32, Tom Eastep wrote:
>>
>>>On Tuesday 14 March 2006 18:59, Roberto C. Sanchez wrote:
>>>
>>>>I have followed the instructions at http://shorewall.net/FAQ.htm#faq2
>>>>along with some coaching on IRC from _Omache to get a machine (with IP
>>>>address 66.93.22.233) to forward all port 25 traffic to another host in
>>>>my network (with IP 66.93.22.254). This has not worked. I have tested
>>>>by trying `telnet 66.93.22.233 25`, expecting to see the SMTP banner on
>>>>66.93.22.254. Of course, I don't see the banner.
>>>>
>>>>However, as the tcpdump output shows, the packets are, in fact,
>>>>arriving at 66.93.22.233, they just never leave.
>>>>
>>>>If there is anything else I can do to help determine if this is a real
>>>>bug, please let me know.
>>>
>>>/proc
>>>
>>>    /proc/version = Linux version 2.6.12.6-xen (root@pc1) (gcc version 3.3.5 (Debian 1:3.3.5-13)) #1 SMP Thu Feb 2 08:00:47 UTC 2006
>>>    /proc/sys/net/ipv4/ip_forward = 0 <=======================================
>>>    /proc/sys/net/ipv4/icmp_echo_ignore_all = 0
>>>
>>>You did not enable IP forwarding on the system. You need to set
>>>IP_FORWARD=Yes in shorewall.conf.
>>
>>Make that IP_FORWARDING=Yes...
>
>
> Sigh -- I should have waited until tomorrow morning -- should be
> "IP_FORWARDING=On".
>
> Good Night Gracie...
>
> -Tom

Thanks for all your help. Glad I could help improve the docs :-)

-Roberto

-- 
Roberto C. Sanchez
http://familiasanchez.net/~roberto