/etc/shorewall/nat is empty (assuming you meant 'nat' and not 'net')

/etc/shorewall.masq:

eth0 192.168.0.0/22

I since changed the IP range to 192.168.0.0/17, thinking that maybe the
.../22 was not passing the 192.168.122.0 subnet, but the change seemed
to make no difference as far as needing to restart shorewall. Is it
necessary to have a masq file in this setup with one external interface?

== Some extra information ==

The mail clients (Thunderbird or iPhones) when on loc or in the wild use
the FQDN of the IMAP servers (e.g. mail.mydomain.com) and not the
internal VM host name (e.g. m2a74am_vm1). So, when configuring this
setup, I found that a pair of rules like these, for example (there are
similar ones for HTTP, HTTPS, SMTP, etc etc):

DNAT net dmz:192.168.122.11 tcp 143 - 71.245.97.172
DNAT loc dmz:192.168.122.11 tcp 143 - 71.245.97.172

would forward IMAP to the designated virtual IMAP server from both net
and loc based clients. That this worked at all for loc seemed strange to
me, but the traffic is being sent from loc to the designated original
destination, after all.

Looking through the rules file just now I see what might be some
redundancies and unnecessary lines that I'll clean up and test for
functionality. These shouldn't involve IMAP, but I'll verify the need to
restart Shorewall. I'll keep the current version on hand, of course.

Thanks,
John

On 10/23/2010 08:36 PM, Tom Eastep wrote:
> On 10/23/10 5:08 PM, Dr John wrote:
>> I rebooted with the KVMs set for autostart, attempted IMAP connections
>> to them from a system on loc (failed), saved output of shorewall dump,
>> then restarted Shorewall and repeated successfully.
>>
>> Attached file includes:
>>
>> swdump-after.log swdump-before.log
>>
>> where 'before' and 'after' are relative to the restart of Shorewall.
>>
>
> Please forward the contents of:
>
> /etc/shorewall/masq
> /etc/shorewall/net
>
> Thanks,
> -Tom
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
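
An added example, not part of the original thread: a range check of the two masq SOURCE values mentioned in the message (/22 and the later /17) against the server address in the quoted DNAT rules. It only answers the address-membership question raised in the message and says nothing about why a Shorewall restart is needed; the function names are hypothetical.

```python
import ipaddress

# Entries copied from the message above; the /17 line is the later change.
MASQ_LINES = ["eth0 192.168.0.0/22", "eth0 192.168.0.0/17"]
RULE_LINES = [
    "DNAT net dmz:192.168.122.11 tcp 143 - 71.245.97.172",
    "DNAT loc dmz:192.168.122.11 tcp 143 - 71.245.97.172",
]


def parse_masq(line):
    """Split a masq entry into (interface, source network)."""
    iface, source = line.split()[:2]
    return iface, ipaddress.ip_network(source, strict=True)


def parse_dnat(line):
    """Return (source zone, dest zone, server address) from a DNAT rule."""
    fields = line.split()
    if fields[0] != "DNAT":
        raise ValueError("not a DNAT rule: " + line)
    zone, _, host = fields[2].partition(":")
    host = host.split(":")[0]  # drop an optional :port suffix
    return fields[1], zone, ipaddress.ip_address(host)


def coverage(masq_lines, rule_lines):
    """Map (masq network, source zone, server) to True if the server is inside."""
    result = {}
    for masq in masq_lines:
        _, net = parse_masq(masq)
        for rule in rule_lines:
            src, _, server = parse_dnat(rule)
            result[(str(net), src, str(server))] = server in net
    return result


if __name__ == "__main__":
    for masq in MASQ_LINES:
        _, net = parse_masq(masq)
        print(f"{net} spans {net[0]} to {net[-1]}")
    for key, inside in coverage(MASQ_LINES, RULE_LINES).items():
        print(key, "inside" if inside else "outside")
```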