Hi All,
I've been trying to debug a problem with DNAT on a Bering 1.2
VPN/Firewall. I originally tried this with H323, but as few people have
any experience with H323, I tried FTP, as both use ip_conntrack modules.
Getting the same results with both of them, I then tried HTTP, which does
not need a separate ip_conntrack module.
I'm not changing port numbers, just passing the native port straight
through. The DNAT rule is coded just as the Shorewall documentation says:
DNAT net loc:192.153.64.209 ftp,http,1720,1503
In all cases I can connect to the server from clients on the local LAN
(eth1) and from clients on the VPN (ipsec0). Clients on the same LAN as
the external interface (eth0) cannot connect.
I put sniffers on both interfaces of the firewall, and see packets moving
in and out as they should. The address translation seems to be working.
However, the results are always the same with every connection type:
a SYN comes in from the client,
an ACK is sent back from the server,
then the client sends an RST.
Does anyone know what I can be doing wrong that will cause this to happen?
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
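The SYN / ACK / RST sequence described in the post is the kind of thing that is easiest to reason about with both captures side by side. The script below is an added example, not code from the original post or from the LEAF/Shorewall projects: it parses a few constructed, tcpdump-style lines from the outside (eth0) and inside (eth1) interfaces and checks the two things a client needs in order to accept the reply to its SYN: that the reply is a real SYN-ACK (a bare ACK to a SYN is answered with RST per TCP's SYN-SENT handling) and that it returns to the client from the address the client connected to (the reverse translation of the DNAT). The firewall's external address 203.0.113.10 and the client address 198.51.100.7 are assumptions chosen for the example; 192.153.64.209 is the DNAT target from the post. The findings the script reports are the standard reasons a client resets, not a claim about which one applies to the poster's setup.

```python
import re
from dataclasses import dataclass
from typing import List

# Simplified tcpdump-style line: "<iface> <src>.<sport> > <dst>.<dport>: Flags [<flags>]".
LINE_RE = re.compile(
    r"^(?P<iface>\w+)\s+(?P<src>[\d.]+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+):\s+Flags\s+\[(?P<flags>[^\]]*)\]"
)


@dataclass
class Pkt:
    iface: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # tcpdump notation: "S" SYN, "S." SYN-ACK, "." ACK, "R" RST


def parse_capture(text: str) -> List[Pkt]:
    """Parse the constructed capture text into packets (raises on a malformed line)."""
    pkts = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsable line: {line!r}")
        pkts.append(Pkt(m["iface"], m["src"], int(m["sport"]),
                        m["dst"], int(m["dport"]), m["flags"]))
    return pkts


def check_dnat(pkts: List[Pkt], ext_addr: str, dnat_target: str,
               outside: str = "eth0", inside: str = "eth1") -> List[str]:
    """Return a list of findings for the first SYN to ext_addr; empty means consistent."""
    findings = []
    syns = [p for p in pkts if p.iface == outside and p.flags == "S" and p.dst == ext_addr]
    if not syns:
        return [f"no SYN to {ext_addr} seen on {outside}"]
    client, cport, port = syns[0].src, syns[0].sport, syns[0].dport

    # 1. Inbound DNAT: the same flow must reappear on the inside interface with
    #    its destination rewritten to the server.
    fwd = [p for p in pkts if p.iface == inside and p.flags == "S"
           and p.src == client and p.sport == cport and p.dport == port]
    if not fwd:
        findings.append(f"SYN from {client}:{cport} never forwarded on {inside}")
    elif fwd[0].dst != dnat_target:
        findings.append(f"forwarded SYN has dst {fwd[0].dst}, expected {dnat_target}")

    # 2. Server reply on the inside must be SYN-ACK. A bare ACK answering a SYN
    #    is unacceptable to a client in SYN-SENT, which replies with RST.
    replies_in = [p for p in pkts if p.iface == inside and p.src == dnat_target
                  and p.dst == client and p.dport == cport and "R" not in p.flags]
    if not replies_in:
        findings.append(f"no reply from {dnat_target} to {client}:{cport} on {inside}")
    elif "S" not in replies_in[0].flags:
        findings.append(f"server replied with flags [{replies_in[0].flags}] instead of [S.]")

    # 3. Reverse translation on the way out: the client must see the reply come
    #    from the address it connected to, or its stack has no matching socket
    #    and resets the segment.
    replies_out = [p for p in pkts if p.iface == outside and p.dst == client
                   and p.dport == cport and "R" not in p.flags]
    if not replies_out:
        findings.append(f"reply never left {outside} towards {client}:{cport}")
    elif replies_out[0].src != ext_addr:
        findings.append(f"reply left {outside} with src {replies_out[0].src}, "
                        f"expected {ext_addr} (reverse NAT missing)")

    # 4. Record whether the client gave up on the handshake.
    if any(p.iface == outside and p.src == client and p.sport == cport
           and "R" in p.flags for p in pkts):
        findings.append(f"client {client} sent RST")
    return findings


# Constructed captures (not real traffic). Addresses other than the DNAT
# target are hypothetical.
GOOD_CAPTURE = """
eth0 198.51.100.7.3301 > 203.0.113.10.21: Flags [S]
eth1 198.51.100.7.3301 > 192.153.64.209.21: Flags [S]
eth1 192.153.64.209.21 > 198.51.100.7.3301: Flags [S.]
eth0 203.0.113.10.21 > 198.51.100.7.3301: Flags [S.]
eth0 198.51.100.7.3301 > 203.0.113.10.21: Flags [.]
"""

# Reply leaves eth0 with the server's own address: the client resets it.
UNTRANSLATED_CAPTURE = """
eth0 198.51.100.7.3301 > 203.0.113.10.21: Flags [S]
eth1 198.51.100.7.3301 > 192.153.64.209.21: Flags [S]
eth1 192.153.64.209.21 > 198.51.100.7.3301: Flags [S.]
eth0 192.153.64.209.21 > 198.51.100.7.3301: Flags [S.]
eth0 198.51.100.7.3301 > 192.153.64.209.21: Flags [R]
"""

# Server answers the SYN with a bare ACK: the client resets it.
BARE_ACK_CAPTURE = """
eth0 198.51.100.7.3301 > 203.0.113.10.21: Flags [S]
eth1 198.51.100.7.3301 > 192.153.64.209.21: Flags [S]
eth1 192.153.64.209.21 > 198.51.100.7.3301: Flags [.]
eth0 203.0.113.10.21 > 198.51.100.7.3301: Flags [.]
eth0 198.51.100.7.3301 > 203.0.113.10.21: Flags [R]
"""

if __name__ == "__main__":
    for name, cap in [("good", GOOD_CAPTURE), ("untranslated", UNTRANSLATED_CAPTURE),
                      ("bare-ack", BARE_ACK_CAPTURE)]:
        print(name, check_dnat(parse_capture(cap), "203.0.113.10", "192.153.64.209"))
```

To use it on a real problem, run tcpdump on each interface of the firewall (with -n so addresses are not resolved), keep the lines for one connection attempt, and feed them to parse_capture in this simplified form; the interesting result is which of the four findings appears first.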