Greetings,

I have a Shorewall configuration with 2 WAN subnets bound to eth0 and eth1 and 2 LAN interfaces bound to eth2 and eth3. We have a web/e-mail server on eth3 in the 192.168.30.0/24 subnet at 192.168.30.10. I have 2 rules to DNAT TCP traffic on ports 80 and 110 arriving on specific IPs (eth0:70.143.10.135 and eth1:12.22.105.135) to be forwarded to eth3:192.168.30.10.

/etc/shorewall/providers

    ISP1 1 1 main eth0 70.143.10.129 track,balance eth2,eth3
    ISP2 2 2 main eth1 12.22.105.129 track,balance eth2,eth3

/etc/shorewall/interfaces

    net eth0 detect tcpflags,blacklist,routefilter,nosmurfs,logmartians
    net eth1 detect tcpflags,blacklist,routefilter,nosmurfs,logmartians
    loc eth2 10.15.3.255 detectnets,routeback
    dmz eth3 192.168.30.255 detectnets

/etc/shorewall/rules

    DNAT net dmz:192.168.30.10 TCP 80 - 12.22.105.135,70.143.10.135
    DNAT net dmz:192.168.30.10 TCP 110 - 12.22.105.135,70.143.10.135

Only traffic arriving on eth1:12.22.105.135 works. Traffic arriving on eth0:70.143.10.135 is being forwarded to 192.168.30.10 as witnessed by 'tcpdump' but is not sent back out, the return packet stops at eth3 and does not appear at eth0.

I have attached a 'shorewall dump' for your reference.

Any assistance would be greatly appreciated. Please let me know if there is additional information or clarification I should provide.

Best regards,
Mark.

status.txt.bz2
Description: Binary data
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
