Hey all,

I'm having a problem which I can't figure out. I've studied the FAQ and how-tos, but I must be overlooking something. Here is my situation. I have a server running Shorewall-perl 4.2.9 with an external ip (eth0) and an internal ip (eth1 192.168.101.27). Within my network I have multiple servers running various services with extra external IPs assigned to them. But they don't actually have it on the servers, just one ethernet card with an internal ip.

I'm trying to open up FTP/RDP to one server on our network, but when I do a DNAT using the FTP/RDP macro, it doesn't work from the outside! When I do a tcpdump, it looks like the packets never hit my gateway at all, because the shorewall show log command shows nothing was dropped.

Included are the zones, rules, etc.

Thanks for the help!

Drew M wrote:
> Hey all,
> I'm having a problem which I can't figure out. I've studied the FAQ
> and how-tos, but I must be overlooking something. Here is my
> situation. I have a server running Shorewall-perl 4.2.9 with an
> external ip (eth0) and an internal ip (eth1 192.168.101.27). Within my
> network I have multiple servers running various services with extra
> external IPs assigned to them. But they don't actually have it on the
> servers, just one ethernet card with an internal ip. I'm trying to open
> up FTP/RDP to one server on our network, but when I do a DNAT using the
> FTP/RDP macro, it doesn't work from the outside! When I do a tcpdump,
> it looks like the packets never hit my gateway at all.

If you don't see the traffic in tcpdump then no amount of configuration changing on your firewall will fix the problem. A router can't route packets that are not sent to it.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Yah, I figured that. Just wondering if I need to set up a bridge or what? I just did another tcpdump, and then used a pc from the outside to do a traceroute to the internal server and it saw that. *shrugs*

On Mon, Jun 15, 2009 at 10:26 AM, Tom Eastep <teastep@shorewall.net> wrote:
> Drew M wrote:
> > Hey all,
> > I'm having a problem which I can't figure out. I've studied the FAQ
> > and how-tos, but I must be overlooking something. Here is my
> > situation. I have a server running Shorewall-perl 4.2.9 with an
> > external ip (eth0) and an internal ip (eth1 192.168.101.27). Within my
> > network I have multiple servers running various services with extra
> > external IPs assigned to them. But they don't actually have it on the
> > servers, just one ethernet card with an internal ip. I'm trying to open
> > up FTP/RDP to one server on our network, but when I do a DNAT using the
> > FTP/RDP macro, it doesn't work from the outside! When I do a tcpdump,
> > it looks like the packets never hit my gateway at all.
>
> If you don't see the traffic in tcpdump then no amount of configuration
> changing on your firewall will fix the problem. A router can't route
> packets that are not sent to it.
>
> -Tom
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

Drew M wrote:
> Yah, I figured that. Just wondering if I need to set up a bridge or
> what? I just did another tcpdump, and then used a pc from the outside
> to do a traceroute to the internal server and it saw that. *shrugs*

Sounds like your ISP is blocking the inbound connection request.

-Tom