I forget send to which email address for shorewall tcpdump.
--- 2010年2月3日 星期三,Michael Weickel - iQom Business Services GmbH <m...@iqom.de>
寫道﹕
寄件人: Michael Weickel - iQom Business Services GmbH <m...@iqom.de>
主題: Re: [Shorewall-users] WG: Suddenly DMZ can't access to internet
收件人: "'Shorewall Users'" <shorewall-users@lists.sourceforge.net>
日期: 2010年2月3日,星期三,下午6:45
This really sounds like routing issues. Maybe subnet mask or sth. like that. I
think its time to follow Tom´s offer to give a Shorewall dump as described in
the troubleshooting phase on www.shorewall.net
Von: Wilson Kwok [mailto:leiw...@yahoo.com.hk]
Gesendet: Mittwoch, 3. Februar 2010 11:17
An: Shorewall Users
Betreff: Re: [Shorewall-users] WG: Suddenly DMZ can't access to internet
If I change the NAT x.x.214.101 to another local lan IP 172.16.1.249 client
computer , this computer can't access to internet .....
Thanks
--- 2010年2月3日 星期三,Michael Weickel - iQom Business Services GmbH <m...@iqom.de>
寫道﹕
寄件人: Michael Weickel - iQom Business Services GmbH <m...@iqom.de>
主題: Re: [Shorewall-users] WG: Suddenly DMZ can't access to internet
收件人: "'Shorewall Users'" <shorewall-users@lists.sourceforge.net>
日期: 2010年2月3日,星期三,下午3:37
Does x.x.214.101 represent your new ‚original destination’ in rules file?
If yes, this sounds like a hierarchy problem in your rules file where another
rule may applied before the one you want.
For example.
DNAT net dmz:192.168.0.7 tcp 80 -
x.x.214.101
DNAT net dmz:192.168.0.6 tcp 80 -
x.x.214.101
This would mean, that a http request to your original destination will always
apply the NAT to 192.168.0.7 because its more near to the top of the file.
Go to /etc/shorewall and do a ‘cat rules | grep 214.100’ if you see more than
one tcp 80 rule this could be your problem. If you do the same with 214.101 and
see only one tcp 80 rule you have your answer.
Von: Wilson Kwok [mailto:leiw...@yahoo.com.hk]
Gesendet: Mittwoch, 3. Februar 2010 07:54
An: Shorewall Users
Betreff: Re: [Shorewall-users] WG: Suddenly DMZ can't access to internet
I just changed NAT IP to another NAT IP:
original: x.x.214.100 192.168.0.6
changed: x.x.214.101 192.168.0.6
Internet can access to web by x.x.214.101
What's this problem?
Thanks !
--- 2010年2月3日 星期三,Tom Eastep <teas...@shorewall.net> 寫道﹕
寄件人: Tom Eastep <teas...@shorewall.net>
主題: Re: [Shorewall-users] WG: Suddenly DMZ can't access to internet
收件人: "Shorewall Users" <shorewall-users@lists.sourceforge.net>
日期: 2010年2月3日,星期三,上午12:57
Michael Weickel - iQom Business Services GmbH wrote:
> net dmz:192.168.0.1 tcp 80
>
>
>
> I forgot to mention that this should be put to rules file, sorry.
And you probably wanted
DNAT net dmz:192.168.0.1 tcp 80
But randomly changing the rules without understanding what the real
problem is seems unwise. Wilson doesn't even know if the problem has
anything to do with Shorewall.
I repeat my offer to look at the output of 'shorewall dump' but I must
do it in the next 30 minutes because the rest of my day is full with
meetings.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----內含下列附件-----
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
-----內含下列附件-----
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Yahoo!香港提供網上安全攻略,教你如何防範黑客!了解更多
-----內含下列附件-----
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
-----內含下列附件-----
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Yahoo!香港提供網上安全攻略,教你如何防範黑客!了解更多
-----內含下列附件-----
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
-----內含下列附件-----
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Yahoo!香港提供網上安全攻略,教你如何防範黑客! 請前往 http://hk.promo.yahoo.com/security/ 了解更多!------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
