Roberto Tagliaferri wrote:
> 
> 
> Logwatch say:
> 
> Oct 23 07:48:52 net_dnat:DNAT:IN=eth0 OUT= SRC=20.20.20.20 DST=1.1.1.11 
> LEN=56 TOS=0x00 PREC=0x00 TTL=64 ID=46360 DF PROTO=TCP SPT=41873 DPT=80 
> WINDOW=5840 RES=0x00 SYN URGP=0

So draw yourself a picture.

a) 20.20.20.20 connects to 1.1.1.11.
b) The connection is redirected to 2.2.2.10
c) 2.2.2.10 replies to the request
d) 20.20.20.20 receives the reply from 2.2.2.10

What do you suppose 20.20.20.20 does with that reply? It throws it away, of
course, because it has sent no requests to 2.2.2.10.

This is Shorewall FAQ 2 applied to the net zone rather than the loc zone. And
the same kludgy hack is required to make it work (you must make all redirected
requests look as if they came from 1.1.1.11 (or 1.1.1.254)).

Without seeing your /etc/shorewall/masq file, I can't tell you the best way to
do that.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
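A small added model of the reply path Tom walks through in steps a) to d); this is example code, not part of the thread or of Shorewall. It assumes the real server's reply only passes back through the firewall when it is addressed to the firewall's own 1.1.1.11, which is the situation that makes the SNAT "kludge" necessary.

```python
# Added example (not from the mailing-list thread): a toy model of the DNAT
# reply path in Tom's steps a)-d). Assumption: the real server's reply only
# passes back through the firewall when it is addressed to the firewall's
# own address (1.1.1.11); otherwise it takes a direct route to the client.
from dataclasses import dataclass, replace

CLIENT = "20.20.20.20"    # SRC in the logwatch line
FW_PUBLIC = "1.1.1.11"    # DST in the logwatch line (the DNAT'd address)
SERVER = "2.2.2.10"       # where the DNAT rule sends the connection


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def reply_to(pkt: Packet) -> Packet:
    """Build the answer to a packet: swap addresses and ports."""
    return Packet(pkt.dst, pkt.src, pkt.dport, pkt.sport)


def simulate(snat: bool) -> tuple[str, bool]:
    """Run one request through DNAT (and optionally SNAT) and report
    (source address of the reply as the client sees it, accepted?)."""
    request = Packet(CLIENT, FW_PUBLIC, 41873, 80)
    # The client remembers the flows it opened: (peer, peer port, own port).
    client_flows = {(request.dst, request.dport, request.sport)}

    # Firewall, step b): DNAT to the real server; the "kludge" adds SNAT so
    # the request appears to come from the firewall itself.
    forwarded = replace(request, dst=SERVER)
    if snat:
        forwarded = replace(forwarded, src=FW_PUBLIC)
    # conntrack keyed by the expected reply tuple so the NAT can be undone
    conntrack = {(forwarded.dst, forwarded.src, forwarded.sport): request}

    # Step c): the server answers whoever the packet claims to be from.
    reply = reply_to(forwarded)

    # Step d): the reply reaches the firewall only if addressed to it.
    if reply.dst == FW_PUBLIC:
        original = conntrack[(reply.src, reply.dst, reply.dport)]
        reply = reply_to(original)   # un-SNAT and un-DNAT in one step

    accepted = (reply.src, reply.sport, reply.dport) in client_flows
    return reply.src, accepted
```

Without SNAT the client sees a reply from 2.2.2.10 and discards it; with SNAT the reply is un-NATed back to 1.1.1.11 and matches the flow the client opened.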
