Hello list,

I have set up a network similar to the two-interface howto.  The external
interface's IP address is updated with a dynamic dns service; call it
'example.dyndns.org'.  We have an internal mail server, and shorewall
forwards the SMTP and IMAP ports to it using a DNAT rule.  We have laptops
that we carry about, sometimes on the internal network, sometimes outside.
We'd like to have a single mail client configuration where the laptops can
connect to example.dyndns.org regardless of whether they're on the internal
network or on the internet.

Shorewall, however, will not forward traffic from the internal network to
the internal network, which makes sense.  When an internal machine tries to
connect to example.dyndns.org:imap, shorewall logs the rejected packet:

Sep  6 18:06:31 example kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=192.168.1.100 DST=192.168.3.2 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=55357 DF PROTO=TCP SPT=59969 DPT=143 WINDOW=5840 RES=0x00 SYN URGP=0

This makes sense, of course, since traffic to and from the same subnet
shouldn't be routed.  I'm hoping that there will be a way to convince
Shorewall to SNAT the packet out before it is DNATted back in, or something,
such that this makes sense from a routing standpoint.

Thanks!

     John
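As an added example (not part of John's message or of Shorewall itself), a small Python log triage that picks the hairpin case described above out of Shorewall log lines: a reject where IN and OUT are the same interface and an internal source is reaching the DNAT target. The sample log lines, the internal subnet and the DNAT target address are constructed for this example.

```python
import ipaddress
import re

# Constructed sample log: the REJECT line from the post, plus an ordinary
# inbound drop from the internet to show the classifier telling them apart.
SAMPLE_LOG = """\
Sep  6 18:06:31 example kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=192.168.1.100 DST=192.168.3.2 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=55357 DF PROTO=TCP SPT=59969 DPT=143 WINDOW=5840 RES=0x00 SYN URGP=0
Sep  6 18:07:02 example kernel: Shorewall:net2all:DROP:IN=eth1 OUT= SRC=203.0.113.7 DST=192.168.3.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=40000 DPT=143 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Assumed for this example: the internal address space behind eth0 and the
# DNAT target (the internal mail server) named in the post.
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]
DNAT_TARGET = ipaddress.ip_address("192.168.3.2")

LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[A-Z]+):(?P<rest>.*)")


def parse_shorewall_line(line):
    """Return a dict of the Shorewall log fields, or None for a non-Shorewall line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = {"chain": m.group("chain"), "disposition": m.group("disp")}
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        fields[key] = value if sep else True  # bare flags such as DF / SYN
    return fields


def classify(fields):
    """Label a logged packet: 'hairpin' when an internal host's packet was
    forwarded back out the interface it arrived on towards the DNAT target."""
    if fields is None or fields["disposition"] not in ("REJECT", "DROP"):
        return None
    src = ipaddress.ip_address(fields["SRC"])
    dst = ipaddress.ip_address(fields["DST"])
    same_iface = bool(fields.get("IN")) and fields.get("IN") == fields.get("OUT")
    internal_src = any(src in net for net in INTERNAL_NETS)
    if same_iface and internal_src and dst == DNAT_TARGET:
        return "hairpin"
    return "other"


def hairpin_rejects(log_text):
    """Return (SRC, DST, DPT) for every hairpin reject found in the log text."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_shorewall_line(line)
        if classify(fields) == "hairpin":
            hits.append((fields["SRC"], fields["DST"], int(fields["DPT"])))
    return hits
```

Seeing the DNAT target as DST while IN equals OUT confirms the packet was already DNATted and is being bounced back onto the network it came from, which is exactly the case that needs SNAT as well as DNAT.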
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users