Brian Wagener
2006-Jun-15 11:34 UTC
What happened to my shorewall? I can no longer reach apache
Hello,

Here is the problem: this is a server I have at home, which is running Gentoo. The other day I could not reach apache from the outside, so I tried to fix it by restarting the computer, upgrading apache, and upgrading shorewall, but nothing helped. I can reach apache if I do "shorewall clear", but with it active it doesn't work. Now what is most confusing is that I did not change anything.

So here is what I have done: I ran tcpdump to make sure packets are reaching the server, which they are. There are no shorewall items in the logfile to show a block. I then did shorewall dump, which shows the iptables counts. The thing that looks funny is that the packets are going to net2loc and eth1_fwd, instead of net2fw and eth1_in.

Attached is my shorewall dump.

Thanks,
Brian
Tom Eastep
2006-Jun-15 13:19 UTC
Re: What happened to my shorewall? I can no longer reach apache
Brian Wagener wrote:
> I then did shorewall dump, which
> shows the iptables counts. The thing that looks funny is the packets are
> going to net2loc and eth1_fwd, instead of net2fw and eth1_in.

That's because you are forwarding port 80 to system 10.0.0.133. Did you recently change the DNAT rule that now reads:

    DNAT net loc:10.0.0.133 tcp 28910,29900,29901,29920,80,443

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
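
Added example, not part of the original thread and not Shorewall's own code: a small Python check that reports which DNAT rules in a Shorewall rules file capture a given port, the situation described in the reply above (port 80 forwarded to 10.0.0.133, so the counters rise in net2loc rather than net2fw). The function names and every sample line other than the DNAT rule quoted in the reply are constructed for illustration.

```python
# Added example: find which Shorewall DNAT rules capture a given port.
# SAMPLE_RULES is constructed; only the first DNAT line is quoted from the thread.
SAMPLE_RULES = """\
# ACTION  SOURCE  DEST             PROTO  DPORT
DNAT      net     loc:10.0.0.133   tcp    28910,29900,29901,29920,80,443
ACCEPT    net     fw               tcp    22
DNAT      net     loc:10.0.0.140   udp    6000:6010
"""

def port_matches(spec, port):
    """True if port is in a Shorewall port list such as '80,443,6000:6010'."""
    for item in spec.split(","):
        if item in ("", "-"):
            continue
        if ":" in item:  # Shorewall writes port ranges as low:high
            low, high = item.split(":", 1)
            if int(low or 0) <= port <= int(high or 65535):
                return True
        elif item.isdigit() and int(item) == port:
            return True  # service names (e.g. "www") are not resolved here
    return False

def dnat_rules_for(rules_text, proto, port, source_zone="net"):
    """Return (line_no, destination) for each DNAT rule that forwards proto/port."""
    hits = []
    for line_no, raw in enumerate(rules_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 5:
            continue
        action, source, dest, rule_proto, dports = fields[:5]
        if not action.startswith("DNAT"):
            continue
        if source.split(":", 1)[0] not in (source_zone, "all"):
            continue
        if proto not in rule_proto.lower().split(","):
            continue
        if port_matches(dports, port):
            hits.append((line_no, dest))
    return hits

if __name__ == "__main__":
    for port in (80, 443, 22):
        hits = dnat_rules_for(SAMPLE_RULES, "tcp", port)
        where = ", ".join(f"line {n} -> {d}" for n, d in hits)
        print(f"tcp/{port}: {where or 'no DNAT rule, stays on the firewall (net2fw)'}")
```
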