I had this working and updated the kernel and shorewall to the latest version. The DNATS no longer work - specifically ActiveSync. Attached is a shorewall dump.

Thanks

Vernon

-----------------------
Vernon (Andy) Fort
Provident Solutions, LLC
Office - (615) 406-5540
provident-solutions.com

On 04/18/2013 02:18 PM, Vernon Fort wrote:
> I had this working and updated the kernel and shorewall to the latest
> version. The DNATS no longer work – specifically ActiveSync. Attached
> is a shorewall dump.

This is very strange:

tcp 6 271447 ESTABLISHED src=192.168.1.12 dst=70.199.129.66 sport=443 dport=10653 [UNREPLIED] src=70.199.129.66 dst=63.168.72.10 sport=10653 dport=443 mark=0 secctx=null use=2

It looks as though the conntrack entries are being built backwards with the reply as the original direction. I have no idea what's causing that, but if you install the 'conntrack' utility, we might learn more.

Thanks
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
shorewall.net        \________________________________________________

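Added example, not part of the thread or of Shorewall: a small Python check that splits conntrack lines into their original and reply tuples and flags entries shaped like the one quoted above, where the original direction starts at the DNAT target's service port and the entry is still [UNREPLIED]. The LAN 192.168.1.0/24, port 443 and the second sample line are assumptions made for illustration.

```python
import ipaddress

# Assumptions for this sketch: the DNAT target LAN and the forwarded port,
# both inferred from the single entry quoted in the thread.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
DNAT_PORTS = {443}
TUPLE_KEYS = ("src", "dst", "sport", "dport")

# Constructed sample: line 1 is the entry from the thread; line 2 is a made-up
# healthy DNAT entry (documentation address 198.51.100.7) for contrast.
SAMPLE = (
    "tcp 6 271447 ESTABLISHED src=192.168.1.12 dst=70.199.129.66 sport=443 "
    "dport=10653 [UNREPLIED] src=70.199.129.66 dst=63.168.72.10 sport=10653 "
    "dport=443 mark=0 secctx=null use=2\n"
    "tcp 6 431999 ESTABLISHED src=198.51.100.7 dst=63.168.72.10 sport=51514 "
    "dport=443 src=192.168.1.12 dst=198.51.100.7 sport=443 dport=51514 "
    "[ASSURED] mark=0 secctx=null use=2\n"
)


def parse_entry(line):
    """Split one conntrack line into original and reply tuples plus flags."""
    fields = line.split()
    entry = {"proto": fields[0], "flags": set(), "orig": {}, "reply": {}}
    for tok in fields[1:]:
        if tok.startswith("[") and tok.endswith("]"):
            entry["flags"].add(tok[1:-1])
        elif "=" in tok:
            key, value = tok.split("=", 1)
            if key in TUPLE_KEYS:
                # First occurrence of a key is the original direction,
                # the second occurrence is the expected reply.
                side = "reply" if key in entry["orig"] else "orig"
                entry[side][key] = value
    return entry


def looks_reversed(entry, local_net=LOCAL_NET, dnat_ports=DNAT_PORTS):
    """True when the original tuple has the shape a DNAT reply should have."""
    orig = entry["orig"]
    if "src" not in orig or "sport" not in orig:
        return False  # e.g. ICMP entries carry no ports
    return (ipaddress.ip_address(orig["src"]) in local_net
            and int(orig["sport"]) in dnat_ports
            and "UNREPLIED" in entry["flags"])


def find_reversed(text):
    lines = [l for l in text.splitlines() if l.strip()]
    return [e for e in map(parse_entry, lines) if looks_reversed(e)]
```

The same functions can be fed the connection list from a shorewall dump or from conntrack -L, one entry per line.
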
Tom,

When I disable the following from rtrules:

eth0 - CABLE 1000

everything works as expected. But when I enable (uncomment), none of the DNATs work. I have this commented out for now but I must be missing something in the docs. I did get the conntrack utility installed but I need a little guidance on usage.

Vernon

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Thursday, April 18, 2013 5:25 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] multi-isp

On 04/18/2013 02:18 PM, Vernon Fort wrote:
> I had this working and updated the kernel and shorewall to the latest
> version. The DNATS no longer work - specifically ActiveSync.
> Attached is a shorewall dump.

This is very strange:

tcp 6 271447 ESTABLISHED src=192.168.1.12 dst=70.199.129.66 sport=443 dport=10653 [UNREPLIED] src=70.199.129.66 dst=63.168.72.10 sport=10653 dport=443 mark=0 secctx=null use=2

It looks as though the conntrack entries are being built backwards with the reply as the original direction. I have no idea what's causing that, but if you install the 'conntrack' utility, we might learn more.

Thanks
-Tom

On 4/19/13 5:02 PM, "Vernon Fort" <vfort@provident-solutions.com> wrote:
>Tom,
> When I disable the following from rtrules:
>
> eth0 - CABLE 1000
>
>everything works as expected. But when I enable (uncomment), none of the
>DNATs work. I have this commented out for now but I must be missing
>something in the docs. I did get the conntrack utility installed but I
>need a little guidance on usage.

'Shorewall dump' gives more meaningful output when that utility is installed.

-Tom

You do not need a parachute to skydive. You only need a parachute to skydive twice.