[EMAIL PROTECTED] wrote:
> On 9 Jan 2008 at 13:50, Tom Eastep wrote:
> > Tom Eastep wrote:
> > > [EMAIL PROTECTED] wrote:
> > > > On 9 Jan 2008 at 13:27, Tom Eastep wrote:
> > > > > That looks ok -- so we'll need the information I requested in my other post. -Tom
> > > > I sent that in another post, but I got a message that it was being held for the moderator because it was too big.
> > > Did you compress it?
> > Note that you can also send it to [EMAIL PROTECTED] -- no size restrictions there.
> Since the list didn't like a zip file, here is the plain file.

Okay -- here is the problem:

NAT Table

Chain PREROUTING (policy ACCEPT 8 packets, 1606 bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    48 home_dnat  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 offic_dnat all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
    8   502 offic_dnat all  --  ppp+   *       0.0.0.0/0            0.0.0.0/0

Note that traffic from all PPP interfaces is being sent into the offic_dnat chain.

Chain offic_dnat (2 references)
 pkts bytes target     prot opt in     out     source               destination
    3   144 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128

Which is redirecting TCP port 80 to the local port 3128.

How to fix this? You need to restrict the 'offic' zone to those IP addresses which you assign to PPP clients. I'll assume that you assign some portion of your offic net (10.1.1.0/24).

In /etc/shorewall/interfaces:

    -       ppp+

In /etc/shorewall/hosts:

    offic   ppp+:10.1.1.0/24

Now the 'offic' zone is restricted to those hosts interfacing through a PPP device and that have addresses in 10.1.1.0/24.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
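
An added example, not part of the original post or of Shorewall: a small Python check that parses a NAT table listing like the one quoted above and reports any wildcard interface that reaches a REDIRECT rule with no source restriction. The function names are hypothetical, and the parser assumes the column layout of `iptables -t nat -L -n -v` with a target on every rule.

```python
import re

# NAT table excerpt taken from the post above (whitespace normalised).
NAT_DUMP = """\
Chain PREROUTING (policy ACCEPT 8 packets, 1606 bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    48 home_dnat  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 offic_dnat all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
    8   502 offic_dnat all  --  ppp+   *       0.0.0.0/0            0.0.0.0/0

Chain offic_dnat (2 references)
 pkts bytes target     prot opt in     out     source               destination
    3   144 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
"""

def parse_chains(dump):
    """Return {chain: [rule dict, ...]} from `iptables -t nat -L -n -v` text."""
    chains, current = {}, None
    for line in dump.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        f = line.split()
        # Skip blank lines, text outside any chain, and the column-header row.
        if current is None or len(f) < 9 or f[0] == "pkts":
            continue
        current.append({"target": f[2], "proto": f[3], "in": f[5],
                        "source": f[7], "extra": " ".join(f[9:])})
    return chains

def unrestricted_redirects(dump):
    """List (in_iface, chain, dport, redir_port) where a wildcard interface
    with no source restriction reaches a REDIRECT rule via PREROUTING."""
    chains, hits = parse_chains(dump), []
    for jump in chains.get("PREROUTING", []):
        # A trailing '+' matches every interface with that prefix (ppp0, ppp1, ...).
        if not (jump["in"].endswith("+") and jump["source"] == "0.0.0.0/0"):
            continue
        for rule in chains.get(jump["target"], []):
            m = re.search(r"dpt:(\d+) redir ports (\d+)", rule["extra"])
            if rule["target"] == "REDIRECT" and m:
                hits.append((jump["in"], jump["target"], int(m.group(1)), int(m.group(2))))
    return hits

if __name__ == "__main__":
    for iface, chain, dport, rport in unrestricted_redirects(NAT_DUMP):
        print(f"{iface}: any source -> {chain} -> tcp/{dport} redirected to local port {rport}")
```

Run against a listing taken after the hosts-file change, the ppp+ jump should carry a source such as 10.1.1.0/24 and no longer be reported.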
