In my peculiar setup I need my shorewall router to do one-to-one NAT with RFC1918 addresses. The "external" addresses are 10.215.0.0 and the internal addresses are 192.168.0.0.

I can ping, vnc, http, smb from 10.215.144.48 to 10.215.145.237 which is 192.168.44.237 internally.

From 192.168.44.237 I can do http, rdp, ping to 10.215.0.0 hosts.

So all seems fine except for the fact that I can't access the shorewall router either from 10.215.144.48 (net) or 192.168.44.237 (loc). I tried ssh and http. However, pings to fw work from both net and loc.

I placed a shorewall dump and some tcpdumps here:
http://fhm.zapto.org/shorewall/shorewall_dump.tar.gz

I would appreciate it if someone could give me a clue as to what is wrong.

Thanks,

Vieri

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Vieri Di Paola wrote:
>
> I placed a shorewall dump and some tcpdumps here:
> http://fhm.zapto.org/shorewall/shorewall_dump.tar.gz
>
> I would appreciate it if someone could give me a clue
> as to what is wrong.

The Shorewall-generated ruleset is not producing the RST responses.

What does "netstat -tnap | grep ssh" show on the firewall?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

--- Tom Eastep <teastep@shorewall.net> wrote:
> The Shorewall-generated ruleset is not producing the
> RST responses.
>
> What does "netstat -tnap | grep ssh" show on the
> firewall?

I apologize for the noise. The problem was that my ssh daemon had died. Everything is working as expected now.

Thanks.

Vieri
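
The check this thread converged on, as an added example that is not part of the original messages: classify a TCP connect attempt and compare it with the listeners reported by `netstat -tnap`, so a dead daemon is told apart from a firewall rule. The function names and the sample netstat text are constructed for illustration.

```python
import socket

# Constructed sample of `netstat -tnap` output: nothing is listening on port 22.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:25      0.0.0.0:*       LISTEN  812/master
tcp        0      0 192.168.44.1:25 192.168.44.9:40112 ESTABLISHED 901/smtpd
"""

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'no-reply'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: a daemon answered
    except ConnectionRefusedError:
        return "refused"         # an RST came back
    except OSError:
        return "no-reply"        # timeout or unreachable: nothing came back

def listeners(netstat_output, port):
    """Return the program names holding a LISTEN socket on `port`."""
    found = []
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) >= 7 and f[0].startswith("tcp") and f[5] == "LISTEN":
            if f[3].rsplit(":", 1)[-1] == str(port):
                found.append(f[6].split("/", 1)[-1])
    return found

def diagnose(probe_result, listener_names):
    """Combine the remote probe result with the local listener list."""
    if probe_result == "open":
        return "service reachable"
    if probe_result == "refused" and not listener_names:
        return "daemon not listening: restart the service"
    if probe_result == "refused":
        return "listener present: look for a REJECT rule"
    return "no reply: look for a DROP rule or a routing problem"

if __name__ == "__main__":
    # The situation in this thread: ping works, port 22 is refused, no sshd.
    print(diagnose("refused", listeners(SAMPLE_NETSTAT, 22)))
```

Run `probe()` from the client side and feed `listeners()` the real `netstat -tnap` output captured on the firewall itself.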