Re: [Shorewall-users] DNAT: Use new DNS

Thu, 14 Dec 2006 07:33:33 -0800 

NO COMMENT !!!

it was a very hard week !!

Thanks Tom !!

Christian

Tom Eastep schrieb:
> Christian Bayer wrote:
>
>   
>> Logfile on Gateway:
>> Dec 14 10:53:47 gw-lauf1 kernel: Shorewall:loc_dnat:DNAT:IN=eth0 OUT=
>> MAC=00:e0:7d:a7:0c:bf:09:a0:f8:03:d4:c0:08:00 SRC=172.17.180.71
>> DST=10.10.10.11 LEN=63 TOS=0x00 PREC=0x00 TTL=127 ID=50778 PROTO=UDP
>> SPT=56997 DPT=53 LEN=43
>>     
>
> That looks correct.
>
>   
>> I think that the gateway doesnt rewrite the Destination IP from
>> 10.10.10.11 to 10.100.100.11.
>> And then the Cisco doesnt accept these Packets.
>>     
>
> Nonsense -- the last packet that you show in the trace below is a response 
> from
> 10.100.100.11 back to 172.17.180.71. But it should be returned to 
> 172.16.180.67
> rather than 162.17.180.61.
>
>   
>> Log from TCPDUMP:
>> 12:36:40.098449 172.17.180.71.17322 > 10.10.10.11.53:  10+ A?
>> ica.company. (28)
>> 12:36:40.098561 172.17.180.71.17322 > 10.10.10.11.53:  10+ A?
>> ica.company. (28)
>> 12:36:40.098817 172.17.180.71.17322 > 10.100.100.11.53:  10+ A?
>> ica.company. (28)
>> 12:36:40.109417 10.100.100.11.53 > 172.17.180.71.17322:  10* 3/1/3 A
>> 10.100.100.24,[|domain] (DF)
>>
>>
>> Any Answers ??
>>     
> eth0      Link encap:Ethernet  HWaddr 00:E0:7D:A7:0B:BF
>          inet addr:172.17.180.67  Bcast:172.17.180.127  Mask:255.255.255.192
>
> Yes -- In your original post, you told me that your internal interface was
> 172.17.180.64/255.255.255.192 which is 172.17.180.64/26. But I wrote (and you
> blindly copied) a masq entry as follows:
>
>       /etc/shorewall/masq
>       eth0:10.100.100.11      172.17.180.0/26      172.17.180.67
>
> See the problem?
> -Tom
>   

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to