I have/had a working shorewall under 3.0, I have upgraded (Fedora Core 5) to 3.2 and DNAT is all broken. I have the following setup... params: INT_IF=eth0 DMZ_IF=eth1 EXT_IF=eth2 WIFI_IF=eth3 interfaces: loc $INT_IF detect dhcp,routeback,logmartians dmz $DMZ_IF detect logmartians net $EXT_IF detect dhcp,norfc1918,logmartians,blacklist,tcpflags,nosmurfs wifi $WIFI_IF rules: DNAT net dmz:$SVR_DMZ_MAIL tcp smtp - If I do an ''shorewall compile'' then $SVR_DMZ_MAIL comes out correctly but the ''net'' address is resolved as the address of eth3, i.e. ''wifi'' I have reviewed the Troubleshooting Guide but that has yielded nothing. Does anyone have a clue to help? ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
you should provide more information. anyway, in your case, i never experienced this problem before but can you replace your "interfaces" file with something like this? :- loc eth0 dmz eth1 net eth2 wifi eth3 really just my 2 cents.. On 8/28/06, Gawain Lynch <lists-gawain@felicity-group.com> wrote:> I have/had a working shorewall under 3.0, I have upgraded (Fedora Core > 5) to 3.2 and DNAT is all broken. > > I have the following setup... > params: > INT_IF=eth0 > DMZ_IF=eth1 > EXT_IF=eth2 > WIFI_IF=eth3 > > interfaces: > loc $INT_IF detect dhcp,routeback,logmartians > dmz $DMZ_IF detect logmartians > net $EXT_IF detect > dhcp,norfc1918,logmartians,blacklist,tcpflags,nosmurfs > wifi $WIFI_IF > > rules: > DNAT net dmz:$SVR_DMZ_MAIL tcp smtp - > > If I do an ''shorewall compile'' then $SVR_DMZ_MAIL comes out correctly > but the ''net'' address is resolved as the address of eth3, i.e. ''wifi'' > > I have reviewed the Troubleshooting Guide but that has yielded nothing. > > Does anyone have a clue to help? > > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
On Mon, 2006-08-28 at 21:56 +0800, Wong Chee Chun wrote:> you should provide more information.No problem. What information can I provide?> anyway, in your case, i never experienced this problem before but can > you replace your "interfaces" file with something like this? :- > > loc eth0 > dmz eth1 > net eth2 > wifi eth3OK, but is not the purpose of `params'' to obsolete such explicitly defined parameters in other files? Thanks, Gawain ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
On 8/28/06, Gawain Lynch <lists-gawain@felicity-group.com> wrote:> On Mon, 2006-08-28 at 21:56 +0800, Wong Chee Chun wrote: > > you should provide more information. > > No problem. What information can I provide? >you should provide us the output of "shorewall dump" command. make it an attachment or paste it somewhere else on the Internet. maybe you can have a look at http://shorewall.net/support.htm for more information. by the way, what do you mean by "If I do an ''shorewall compile'' then $SVR_DMZ_MAIL comes out correctly" ? ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
On Mon, 2006-08-28 at 22:21 +0800, Wong Chee Chun wrote:> On 8/28/06, Gawain Lynch <lists-gawain@felicity-group.com> wrote: > > On Mon, 2006-08-28 at 21:56 +0800, Wong Chee Chun wrote: > > > you should provide more information. > > > > No problem. What information can I provide? > > > > you should provide us the output of "shorewall dump" command. make it > an attachment or paste it somewhere else on the Internet. maybe you > can have a look at http://shorewall.net/support.htm for more > information. >Attached.> by the way, what do you mean by "If I do an ''shorewall compile'' then > $SVR_DMZ_MAIL comes out correctly" ?I meant that the shell variable was correctly expanded to what was in params. This does not seem to be the case with EXT_IF... ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Gawain Lynch wrote:> On Mon, 2006-08-28 at 22:21 +0800, Wong Chee Chun wrote: >> On 8/28/06, Gawain Lynch <lists-gawain@felicity-group.com> wrote: >>> On Mon, 2006-08-28 at 21:56 +0800, Wong Chee Chun wrote: >>>> you should provide more information. >>> No problem. What information can I provide? >>> >> you should provide us the output of "shorewall dump" command. make it >> an attachment or paste it somewhere else on the Internet. maybe you >> can have a look at http://shorewall.net/support.htm for more >> information. >> > Attached. > >> by the way, what do you mean by "If I do an ''shorewall compile'' then >> $SVR_DMZ_MAIL comes out correctly" ? > > I meant that the shell variable was correctly expanded to what was in > params. This does not seem to be the case with EXT_IF... >This sounds like the last problem described at http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.2/known_problems.txt -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Tom Eastep wrote:> > > This sounds like the last problem described at > http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.2/known_problems.txtGawain, Have you tried applying the fix for the above-described problem? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
On Mon, 2006-08-28 at 07:36 -0700, Tom Eastep wrote:> This sounds like the last problem described at > http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.2/known_problems.txt >This was indeed the problem, thank you! ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642