Centos 5.3 Got lost in my ramblings i guess. I believe it uses conntrack On 10/1/09, Tom Eastep <[email protected]> wrote: > Red Baron wrote: >> Simple Network >> >> eth0: NET (12.12.13.1/27 <http://12.12.13.1/27>) >> eth1: LOC (192.168.1.1/24 <http://192.168.1.1/24>) >> >> The Net has 4 PC's and 1 Asterisk box. Asterisk is on 192.168.1.2. I >> have configured it for 1:1 nat to the outside. This appears to work, but >> I have trouble if the firewall reboots, I ***MUST** reboot the asterisk >> box in order for it to re-establish connections. If i do not do the >> reboot, then inbound traffic never makes it past the NAT, and neither >> does outbound. >> >> According to the docs, I may need to exclude 192.168.1.2 from the masq, >> but when I modified it to exclude that one IP, things seemed worse. > > One-to-one NAT takes precedence over masq; there is no need to omit the > address from MAQ. > > >> Any help would be appreciated. > > You don't say which distribution you are using so I can't give you > specifics but you might try the following: > > a) Install the conntrack package (On Debian, it provides > /usr/sbin/conntrack); and > > b) Use the "-p" option when starting Shorewall at boot. You will need to > modify /etc/init.d/shorewall to do that (the "-p" should appear after > "start"). > > HTH, > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > >
-- Sent from my mobile device ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
