Shorewall users - Dec 2012 - [Problem]: Can't make a connection from "masq PC" to "nat PC" using "nat PublicIP" in the same shorewall box

Hi all,

I have a shorewall with three interfaces:

---------------------------------------------------------
                                      |-----<PC01>
<internet> --- <shorewall> |
                                      |-----<PC02>
--------------------------------------------------------
  + eth0 connect to internet and has Public IP A
  + eth1 connect to PC01
  + eth2 connect to PC02

And shorewall is configured like this:
  + PC01 is masq with Public IP A
  + PC02 is nat one-to-one with Public IP B

And the result is:
  + PC01 can connect to internet (ping to 8.8.8.8 successfully)
  + PC02:
               - can connect to internet (ping to 8.8.8.8 successfully)
               - internet can connect to Public IP B (ping to Public IP B
successfully)
  + However PC01 can''t connect to Public IP B (from PC01 ping to Public
IP
B unsuccessfully)

Please help me to fix this problem (PC01 can ping to Public IP B
successfully).

Thanks all so much!
-- 
Nguyen Thinh


------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122712

On 12/27/2012 01:18 AM, Thinh Nguyen wrote:
> Hi all,
> 
> I have a shorewall with three interfaces:
> 
> ---------------------------------------------------------
>                                       |-----<PC01>
> <internet> --- <shorewall> |
>                                       |-----<PC02>
> --------------------------------------------------------
>   + eth0 connect to internet and has Public IP A
>   + eth1 connect to PC01
>   + eth2 connect to PC02
> 
> And shorewall is configured like this:
>   + PC01 is masq with Public IP A
>   + PC02 is nat one-to-one with Public IP B
> 
> And the result is:
>   + PC01 can connect to internet (ping to 8.8.8.8 successfully)
>   + PC02:
>                - can connect to internet (ping to 8.8.8.8 successfully)
>                - internet can connect to Public IP B (ping to Public IP
> B successfully)
>   + However PC01 can''t connect to Public IP B (from PC01 ping to
Public
> IP B unsuccessfully)
> 
> Please help me to fix this problem (PC01 can ping to Public IP B
> successfully).
Please forward the output of ''shorewall dump'' as a compressed
attachment.

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122712

On 12/27/2012 01:18 AM, Thinh Nguyen wrote:
> Hi all,
> 
> I have a shorewall with three interfaces:
> 
> ---------------------------------------------------------
>                                       |-----<PC01>
> <internet> --- <shorewall> |
>                                       |-----<PC02>
> --------------------------------------------------------
>   + eth0 connect to internet and has Public IP A
>   + eth1 connect to PC01
>   + eth2 connect to PC02
> 
> And shorewall is configured like this:
>   + PC01 is masq with Public IP A
>   + PC02 is nat one-to-one with Public IP B
> 
> And the result is:
>   + PC01 can connect to internet (ping to 8.8.8.8 successfully)
>   + PC02:
>                - can connect to internet (ping to 8.8.8.8 successfully)
>                - internet can connect to Public IP B (ping to Public IP
> B successfully)
>   + However PC01 can''t connect to Public IP B (from PC01 ping to
Public
> IP B unsuccessfully)
> 
> Please help me to fix this problem (PC01 can ping to Public IP B
> successfully).
> 
Put ''Yes'' in the ALL INTERFACES column of the entry for PC02
in
/etc/shorewall/nat.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122712