Jeremy wrote:
> I had this all working at one point, but I restarted my server and now
> it is broken and I cannot figure out why. I have a 1:1 nat 69.128.165.227
> --> 172.28.101.21 UDP ports 59001, 59100:59300. I get these messages and
> the packets will not go through. I have checked all my rules and nat file
> and tried everything I could find and nothing would work. eth2 has 2
> addresses, the primary is 69.128.165.228 and the second is
> 69.128.165.227 and it should 1:1 to 172.28.101.21

This is likely a consequence of starting Shorewall after starting
Networking. UDP port 59001 packets were received from 76.255.20.195
after Networking was started but before the appropriate nat rules were
in place.

Install the conntrack package and, as root, run 'conntrack -F'.

You can avoid this problem in the future by doing one of two things:

a) Modify your startup environment so that the '-p' option is passed
   (e.g., /sbin/shorewall start -p).

b) In /etc/shorewall/start, add:

       [ "$COMMAND" = start ] && /usr/sbin/conntrack -F

The latter assumes that the conntrack binary resides in /usr/sbin as it
does on Debian.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
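
Added example, not part of the original thread: a shell check for the condition described in the reply above, listing conntrack entries whose original destination is the 1:1 NAT external address but whose reply side was never rewritten to the internal host. The function names, the sample table and the remote source ports are constructed for illustration; the addresses are the ones in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): spot conntrack entries that were
# created before the 1:1 NAT rules were loaded. Such an entry has the
# external address as its original destination, but its reply tuple still
# uses the external address as source instead of the internal host.

EXT_IP=69.128.165.227    # external 1:1 NAT address (from the thread)
INT_IP=172.28.101.21     # internal host (from the thread)

# stale_entries EXT INT: reads `conntrack -L` style lines on stdin and
# prints those whose original dst is EXT and whose reply src is not INT.
stale_entries() {
    awk -v ext="$1" -v inner="$2" '
    {
        nsrc = 0; ndst = 0; odst = ""; rsrc = ""
        for (i = 1; i <= NF; i++) {
            # first dst= belongs to the original tuple
            if (($i ~ /^dst=/) && (++ndst == 1)) odst = substr($i, 5)
            # second src= belongs to the reply tuple
            if (($i ~ /^src=/) && (++nsrc == 2)) rsrc = substr($i, 5)
        }
        if (odst == ext && rsrc != "" && rsrc != inner) print
    }'
}

# Constructed sample table: one entry tracked without NAT, one correctly
# translated entry, one unrelated TCP entry.
sample_table() {
cat <<'EOF'
udp      17 25 src=76.255.20.195 dst=69.128.165.227 sport=40000 dport=59001 [UNREPLIED] src=69.128.165.227 dst=76.255.20.195 sport=59001 dport=40000 mark=0 use=1
udp      17 170 src=76.255.20.195 dst=69.128.165.227 sport=40001 dport=59100 src=172.28.101.21 dst=76.255.20.195 sport=59100 dport=40001 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=172.28.101.50 dst=172.28.101.1 sport=51000 dport=22 src=172.28.101.1 dst=172.28.101.50 sport=22 dport=51000 [ASSURED] mark=0 use=1
EOF
}

# Run against the constructed sample. On the firewall itself, as root:
#   conntrack -L 2>/dev/null | stale_entries "$EXT_IP" "$INT_IP"
sample_table | stale_entries "$EXT_IP" "$INT_IP"
```

Any line printed is a flow that will keep bypassing the nat rules until its entry expires or the table is flushed.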
