Travis Veazey wrote: > > Tom, > > > > Thanks for your swift reply, and sorry for missing such basic > information > > initially! > > > > I'm using Shorewall-perl version 4.2.10 (latest available in Ubuntu's > > repository). > > > > > > Travis Veazey wrote: > > > > > Any time we make changes to the firewall configurations and > issue a > > > shorewall > > > safe-restart command, all of our phone calls (we are using > an Asterisk > > > server behind our > > > firewall) get dropped. > > The nat table rules are replaced atomically when using Shorewall-perl so > I think we need to look elsewhere. What other Shorewall features are you > using besides DNAT/SNAT and traffic shaping? > > -Tom > > > We're using DNAT, traffic shaping, accounting, and one change to the modules > file as described here: http://www.shorewall.net/FAQ.htm#faq77 We have no > SNAT beyond the standard egress masquerade. We do have multiple IP > addresses on the external interface - 4, to be precise - but those are > set up via > our distribution's built-in networking utilities, so Shorewall shouldn't > be doing anything to those, right?
Correct. > We have DNAT rules that forward the same ports on > different IPs to different internal servers. > > We also have a tunnel interface set up to accept OpenVPN connections, with > of course the necessary DNAT etc to make that work. > > If there's anything more specific you need to know, let me know. I don't > want to just flood you with our config files. Thanks for your help! Please send /var/lib/shorewall/firewall as an attachment to me privately. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
