Thomas Rother wrote:
> here is the output of "shorewall show nat":
>
> ----------------------------------------------------------
> Shorewall 4.4.5.2 NAT Table at locutus - Wed Jan 6 22:01:57 CET 2010
> Counters reset Wed Jan 6 22:01:55 CET 2010
>
> Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 dnat       all  --  *      *       0.0.0.0/0            0.0.0.0/0
>
> Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 eth0_masq  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain dnat (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 urban_dnat all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
>
> Chain eth0_masq (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 MASQUERADE all  --  *      *       192.168.72.0/24      0.0.0.0/0
>
> Chain urban_dnat (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 DNAT       udp  --  *      *       0.0.0.0/0            192.168.172.1
> udp dpt:137 to:192.168.72.2:137
>     0     0 DNAT       udp  --  *      *       0.0.0.0/0            192.168.172.1
> udp dpt:138 to:192.168.72.2:138
>     0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.172.1
> tcp dpt:139 to:192.168.72.2:139
>     0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.172.1
> tcp dpt:445 to:192.168.72.2:445
> ----------------------------------------------------------

According to that output, no SMB traffic is reaching eth0.

>
> I can reach the firewall machine through smbclient: answers come back
> if I open the local smb server to respond to requests from the "urban"
> zone. But if I close the local server for this side and add the
> forwarding rule, I don't get any response from the ...72.2 machine.
>
> Where is my fault? Did I miss something obvious? Do I have a conflict
> with some other NAT rule? I'm a bit lost now, would be very nice if
> someone can give me the crucial hint ;-)

Shorewall FAQs 1a and 1b give complete DNAT troubleshooting instructions.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
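
The reply above reads its conclusion off the per-rule packet counters. As an added example (not part of the original thread and not Shorewall's own code), this Python script parses a listing in the "shorewall show nat" format and lists the DNAT rules whose counters are still zero. The sample listing and its counter values are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in "shorewall show nat" (iptables -L -n -v) format.
# Counters are invented: the tcp/139 rule has hits, the tcp/445 rule has none.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in   out  source      destination
   12   720 dnat       all  --  *    *    0.0.0.0/0   0.0.0.0/0

Chain dnat (1 references)
 pkts bytes target     prot opt in   out  source      destination
   12   720 urban_dnat all  --  eth0 *    0.0.0.0/0   0.0.0.0/0

Chain urban_dnat (1 references)
 pkts bytes target     prot opt in   out  source      destination
   12   720 DNAT       tcp  --  *    *    0.0.0.0/0   192.168.172.1  tcp dpt:139 to:192.168.72.2:139
    0     0 DNAT       tcp  --  *    *    0.0.0.0/0   192.168.172.1  tcp dpt:445 to:192.168.72.2:445
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}  # iptables abbreviates large counters

def to_int(text):
    """Convert a counter such as '0', '720' or '12K' to an integer."""
    return int(text[:-1]) * SUFFIX[text[-1]] if text[-1] in SUFFIX else int(text)

def parse_counters(listing):
    """Return {chain: [rule, ...]} with each rule's packet counter and match text."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        f = line.split(None, 9)
        if current is None or len(f) < 9 or not f[0][0].isdigit():
            continue  # column header, blank line, or wrapped continuation line
        current.append({"pkts": to_int(f[0]), "target": f[2], "in": f[5],
                        "dst": f[8], "match": f[9].strip() if len(f) > 9 else ""})
    return chains

def unmatched_dnat(chains):
    """DNAT rules that no packet has matched yet, as (chain, match) pairs."""
    return [(name, r["match"]) for name, rules in chains.items()
            for r in rules if r["target"] == "DNAT" and r["pkts"] == 0]

def reached(chains, chain="PREROUTING"):
    """Total packets counted by the rules of one chain."""
    return sum(r["pkts"] for r in chains.get(chain, []))

if __name__ == "__main__":
    parsed = parse_counters(SAMPLE)
    print("PREROUTING packets:", reached(parsed))
    for chain, match in unmatched_dnat(parsed):
        print("no hits:", chain, match)
```

A zero counter only says something if the test connection was attempted after the "Counters reset" time shown at the top of the listing.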
