Gianni Socionovo
2008-Aug-05 10:32 UTC
Re: Shorewall 4.06 + DNAT + Problem with internalrouting
OpenGroupware.org
Re: [Shorewall-users] Shorewall 4.06 + DNAT + Problem with internalrouting
mailLabel&nbsp
sender:
Gianni Socionovo
<#AttributeCell>
<#Font><#DateLabel/>:#Font>
#AttributeCell>
<#ValueCell>
<#Font><#Date/> #Font>
#ValueCell>
content:
Shorewall Users wrote:
> Gianni Socionovo wrote:
>
> >
> > from the log i got:
> >
> > Aug 4 19:10:07 mylinuxbox kernel: [276232.278815]
Shorewall:net_dnat:DNAT:IN=eth0 SRC=88.xx.xx.xx DST=88.xx.xx.1 LEN=48 TOS=0x00
PREC=0x00 TTL=128 ID=4891 DF PROTO=TCP SPT=1128 DPT=22 WINDOW=16384 RES=0x00 SYN
URGP=0
> > Aug 4 19:10:07 mylinuxbox kernel: [276232.278839]
Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=88.xx.xx.xx DST=10.10.2.4 LEN=48
TOS=0x00 PREC=0x00 TTL=127 ID=4891 DF PROTO=TCP SPT=1128 DPT=80 WINDOW=16384
RES=0x00 SYN URGP=0
> >
> > It seem that DNAT rule work well but after DNAT REJECT policy
ta
kes place.
> >
> > Can anyone help me to solve the configuration error? I need
urgently to
> > set other DNAT rules towards the other nested zones.
&g
t;
> It''s a routing issue. See
http://www.shorewall.net/Multiple_Zones.html
I think is not a routing issue, I red and followed the paper
http://www.shorewall.net/Multiple_Zones.html before configuring shorewall. If I
stop Shorewall internal subnets routing works fine.
I tryed also to set
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep@shorewall.net
> PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
>
>
--
Ing. Gianni Socionovo
MEP SpA
footerRowLabel1
5
©
footerRowLabel2
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/