>
> > Tom,
> >
> > Thanks for your swift reply, and sorry for missing such basic information
> > initially!
> >
> > I'm using Shorewall-perl version 4.2.10 (latest available in Ubuntu's
> > repository).
> >
> >
> > Travis Veazey wrote:
> >
> > > Any time we make changes to the firewall configurations and issue a
> > > shorewall
> > > safe-restart command, all of our phone calls (we are using an
> Asterisk
> > > server behind our
> > > firewall) get dropped.
>
> The nat table rules are replaced atomically when using Shorewall-perl so
> I think we need to look elsewhere. What other Shorewall features are you
> using besides DNAT/SNAT and traffic shaping?
>
> -Tom
>
We're using DNAT, traffic shaping, accounting, and one change to the modules
file as described here: http://www.shorewall.net/FAQ.htm#faq77 We have no
SNAT beyond the standard egress masquerade. We do have multiple IP
addresses on the external interface - 4, to be precise - but those are set
up via
our distribution's built-in networking utilities, so Shorewall shouldn't be
doing
anything to those, right? We have DNAT rules that forward the same ports on
different IPs to different internal servers.
We also have a tunnel interface set up to accept OpenVPN connections, with
of course the necessary DNAT etc to make that work.
If there's anything more specific you need to know, let me know. I don't
want
to just flood you with our config files. Thanks for your help!
-Travis
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
