Christian Bayer wrote:

> 
> Logfile on Gateway:
> Dec 14 10:53:47 gw-lauf1 kernel: Shorewall:loc_dnat:DNAT:IN=eth0 OUT=
> MAC=00:e0:7d:a7:0c:bf:09:a0:f8:03:d4:c0:08:00 SRC=172.17.180.71
> DST=10.10.10.11 LEN=63 TOS=0x00 PREC=0x00 TTL=127 ID=50778 PROTO=UDP
> SPT=56997 DPT=53 LEN=43

That looks correct.

> 
> I think that the gateway doesn't rewrite the Destination IP from
> 10.10.10.11 to 10.100.100.11.
> And then the Cisco doesn't accept these Packets.

Nonsense -- the last packet that you show in the trace below is a response from
10.100.100.11 back to 172.17.180.71. But it should be returned to 172.16.180.67
rather than 162.17.180.61.

> 
> Log from TCPDUMP:
> 12:36:40.098449 172.17.180.71.17322 > 10.10.10.11.53:  10+ A?
> ica.company. (28)
> 12:36:40.098561 172.17.180.71.17322 > 10.10.10.11.53:  10+ A?
> ica.company. (28)
> 12:36:40.098817 172.17.180.71.17322 > 10.100.100.11.53:  10+ A?
> ica.company. (28)
> 12:36:40.109417 10.100.100.11.53 > 172.17.180.71.17322:  10* 3/1/3 A
> 10.100.100.24,[|domain] (DF)
> 
> 
> Any Answers ??
eth0      Link encap:Ethernet  HWaddr 00:E0:7D:A7:0B:BF
         inet addr:172.17.180.67  Bcast:172.17.180.127  Mask:255.255.255.192

Yes -- In your original post, you told me that your internal interface was
172.17.180.64/255.255.255.192 which is 172.17.180.64/26. But I wrote (and you
blindly copied) a masq entry as follows:

        /etc/shorewall/masq
        eth0:10.100.100.11      172.17.180.0/26      172.17.180.67

See the problem?
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
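
Added example (not part of the message above and not Shorewall code): the following Python compares the SOURCE column of the quoted masq entry with the client address from the gateway log and with the internal network stated in the thread. The function names are hypothetical, and the log line is abbreviated to the fields the check uses.

```python
import ipaddress
import re

# Values from the thread; the log line is abbreviated to the fields used here.
MASQ_LINE = "eth0:10.100.100.11      172.17.180.0/26      172.17.180.67"
INTERNAL_NET = "172.17.180.64/255.255.255.192"
LOG_LINE = ("Shorewall:loc_dnat:DNAT:IN=eth0 OUT= SRC=172.17.180.71 "
            "DST=10.10.10.11 PROTO=UDP SPT=56997 DPT=53")


def parse_masq(line):
    """Split a masq entry into its INTERFACE[:dest], SOURCE and ADDRESS columns."""
    iface_col, source, address = line.split()[:3]
    iface, _, dest = iface_col.partition(":")
    return {
        "interface": iface,
        "dest": ipaddress.ip_address(dest) if dest else None,
        "source": ipaddress.ip_network(source, strict=True),
        "address": ipaddress.ip_address(address),
    }


def log_source(line):
    """Extract the SRC= address from a netfilter log line."""
    m = re.search(r"\bSRC=(\d+\.\d+\.\d+\.\d+)", line)
    if m is None:
        raise ValueError("no SRC= field in log line")
    return ipaddress.ip_address(m.group(1))


def audit(masq_line, log_line, internal_net):
    """Report whether the logged client is covered by the masq SOURCE column."""
    entry = parse_masq(masq_line)
    client = log_source(log_line)
    local = ipaddress.ip_network(internal_net, strict=True)
    return {
        "client": str(client),
        "masq_source": str(entry["source"]),
        "client_matches_masq": client in entry["source"],
        "client_on_internal_net": client in local,
        "snat_address_on_internal_net": entry["address"] in local,
        "internal_net_cidr": str(local),
    }


if __name__ == "__main__":
    for key, value in audit(MASQ_LINE, LOG_LINE, INTERNAL_NET).items():
        print(f"{key}: {value}")
```
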
