I had this all working at one point, but I restarted my server and now it is broken and I cannot figure out why. I have a 1:1 nat 69.128.165.227 --> 172.28.101.21 UDP ports 59001, 59100:59300. I get these messages and the packets will not go through. I have checked all my rules and nat file and tried everything I could find and nothing would work. eth2 has 2 addresses, the primary is 69.128.165.228 and the second is 69.128.165.227 and it should 1:1 to 172.28.101.21

Feb 26 09:26:57 services kernel: Shorewall:net2all:DROP:IN=eth2 OUT= MAC=00:0a:cd:18:c8:f4:00:21:d8:45:97:03:08:00 SRC=76.255.20.195 DST=69.128.165.227 LEN=68 TOS=0x00 PREC=0x00 TTL=119 ID=21930 DF PROTO=UDP SPT=59214 DPT=59001 LEN=48
Feb 26 09:26:59 services kernel: Shorewall:net2all:DROP:IN=eth2 OUT= MAC=00:0a:cd:18:c8:f4:00:21:d8:45:97:03:08:00 SRC=24.14.108.220 DST=69.128.165.227 LEN=68 TOS=0x00 PREC=0x00 TTL=114 ID=21930 DF PROTO=UDP SPT=59208 DPT=59001 LEN=48
Feb 26 09:27:07 services kernel: Shorewall:net2all:DROP:IN=eth2 OUT= MAC=00:0a:cd:18:c8:f4:00:21:d8:45:97:03:08:00 SRC=76.255.20.195 DST=69.128.165.227 LEN=68 TOS=0x00 PREC=0x00 TTL=119 ID=21930 DF PROTO=UDP SPT=59214 DPT=59001 LEN=48
Feb 26 09:27:09 services kernel: Shorewall:net2all:DROP:IN=eth2 OUT= MAC=00:0a:cd:18:c8:f4:00:21:d8:45:97:03:08:00 SRC=24.14.108.220 DST=69.128.165.227 LEN=68 TOS=0x00 PREC=0x00 TTL=114 ID=21930 DF PROTO=UDP SPT=59208 DPT=59001 LEN=48

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
Jeremy wrote:
> I had this all working at one point, but I restarted my server and now
> it is broken and I cannot figure out why. I have a 1:1 nat 69.128.165.227
> --> 172.28.101.21 UDP ports 59001, 59100:59300. I get these messages and
> the packets will not go through. I have checked all my rules and nat file
> and tried everything I could find and nothing would work. eth2 has 2
> addresses, the primary is 69.128.165.228 and the second is
> 69.128.165.227 and it should 1:1 to 172.28.101.21

This is likely a consequence of starting Shorewall after starting Networking. UDP port 59001 packets were received from 76.255.20.195 after Networking was started but before the appropriate nat rules were in place.

Install the conntrack package and, as root, run 'conntrack -F'.

You can avoid this problem in the future by doing one of two things:

a) Modify your startup environment so that the '-p' option is passed (e.g., /sbin/shorewall start -p).

b) In /etc/shorewall/start, add:

    [ "$COMMAND" = start ] && /usr/sbin/conntrack -F

The latter assumes that the conntrack binary resides in /usr/sbin as it does on Debian.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,            \ died peacefully in his sleep. Not screaming like
Washington, USA        \ all of the passengers in his car
http://shorewall.net    \________________________________________________
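A way to confirm this diagnosis from the log alone, as an added example that is not from the thread: a packet logged by the filter chain (net2all) with DST still set to the 1:1 external address on a port the nat rule covers is one that skipped the nat table, which is exactly what a conntrack entry created before the rules were loaded causes. The external address and port spec are taken from Jeremy's message; the log sample is constructed from his posted lines plus one unrelated drop.

```shell
#!/bin/sh
# Added example (not Shorewall's code). Flags Shorewall DROP log lines for UDP
# packets that reached the filter chain still addressed to the 1:1 NAT
# external address on a NATed port: these should have been DNATed first.
EXT_ADDR=69.128.165.227
NAT_PORTS="59001 59100:59300"   # same port spec as the nat rule in the thread

# port_in_set PORT "LIST": 0 if PORT is one of the listed ports or ranges
port_in_set() {
    port=$1
    for spec in $2; do
        case $spec in
            *:*) lo=${spec%%:*}; hi=${spec##*:}
                 [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] && return 0 ;;
            *)   [ "$port" -eq "$spec" ] && return 0 ;;
        esac
    done
    return 1
}

# untranslated_drops < log: prints "SRC:SPT -> DST:DPT" for each matching drop
untranslated_drops() {
    while read -r line; do
        case $line in *Shorewall:*:DROP:*) ;; *) continue ;; esac
        src=; dst=; proto=; spt=; dpt=
        for tok in $line; do            # kernel log fields are KEY=VALUE tokens
            case $tok in
                SRC=*)   src=${tok#SRC=} ;;
                DST=*)   dst=${tok#DST=} ;;
                PROTO=*) proto=${tok#PROTO=} ;;
                SPT=*)   spt=${tok#SPT=} ;;
                DPT=*)   dpt=${tok#DPT=} ;;
            esac
        done
        [ "$proto" = UDP ] && [ "$dst" = "$EXT_ADDR" ] && [ -n "$dpt" ] || continue
        port_in_set "$dpt" "$NAT_PORTS" || continue   # port not NATed: normal drop
        printf '%s:%s -> %s:%s\n' "$src" "$spt" "$dst" "$dpt"
    done
}

# Constructed sample: two posted lines plus a drop on a port outside the NAT set.
SAMPLE_LOG='Feb 26 09:26:57 services kernel: Shorewall:net2all:DROP:IN=eth2 OUT= MAC=00:0a:cd:18:c8:f4:00:21:d8:45:97:03:08:00 SRC=76.255.20.195 DST=69.128.165.227 LEN=68 TOS=0x00 PREC=0x00 TTL=119 ID=21930 DF PROTO=UDP SPT=59214 DPT=59001 LEN=48
Feb 26 09:26:59 services kernel: Shorewall:net2all:DROP:IN=eth2 OUT= MAC=00:0a:cd:18:c8:f4:00:21:d8:45:97:03:08:00 SRC=24.14.108.220 DST=69.128.165.227 LEN=68 TOS=0x00 PREC=0x00 TTL=114 ID=21930 DF PROTO=UDP SPT=59208 DPT=59001 LEN=48
Feb 26 09:27:30 services kernel: Shorewall:net2all:DROP:IN=eth2 OUT= MAC=00:0a:cd:18:c8:f4:00:21:d8:45:97:03:08:00 SRC=24.14.108.220 DST=69.128.165.227 LEN=68 TOS=0x00 PREC=0x00 TTL=114 ID=21931 DF PROTO=UDP SPT=59208 DPT=60000 LEN=48'

# count_untranslated: number of flows in SAMPLE_LOG that bypassed the nat table
count_untranslated() { printf '%s\n' "$SAMPLE_LOG" | untranslated_drops | wc -l | tr -d ' '; }
```

On a live box, feed /var/log/messages (or wherever the kernel log lands) into untranslated_drops; any output after 'conntrack -F' has been run points at a rule problem rather than stale state.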
Tom Eastep wrote:
> You can avoid this problem in the future by doing one of two things:
>
> a) Modify your startup environment so that the '-p' option is passed
> (e.g., /sbin/shorewall start -p).

I just noticed that you are running an extremely old version of Shorewall which doesn't support the '-p' option. It would be wise to upgrade.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,            \ died peacefully in his sleep. Not screaming like
Washington, USA        \ all of the passengers in his car
http://shorewall.net    \________________________________________________