On 04/05/2011 09:35 AM, Chris Stone wrote:
> I have a firewall with 3 interfaces under CentOS5.5 and using
> Shorewall 4.4. There are multiple IP addresses on the external
> interfaces (2 of them - 1 to each of 2 different providers) and have
> one-to-one NAT setup on some of them for internal private IP systems.
> Initially this was all working great and all still works fine except
> for some of these NAT setups. After a couple of weeks (*no* change in
> the shorewall config), one of the forwarding stopped and connections
> were being rejected. Yesterday, another one did it. And then this
> morning, I noticed that one of the forwarding was going to the
> incorrect server on the private network!
>
> Attached is a copy of the output from 'shorewall dump'. I did a
> connection test from 208.69.72.26 to 38.116.137.22 on port 25 and the
> connection which should (and has been) forwarded to 192.168.0.212
> failed - rejected. Did another test from the same IP to another NAT
> setup address 38.116.133.253 on port 25 and instead of a response from
> the configured NAT server at 192.168.0.213, I instead got the server
> at 192.168.0.212.
>
> As I noted, this was all working fine and then, one by one, they seem
> to stop working and I end up with the REJECT instead. Am not sure
> where to go from here since the config seems to be OK in my review of
> it and the shorewall docs - and it has been working fine.

Check the REJECT messages and note the IN= interface. Is it the one you
expect?

>
> Any suggestions as to what to take a look at next or how to resolve this
> issue?

Check to be sure that your WAN network and LAN network aren't bridged.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
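
Added example, not part of the original thread and not Shorewall's own code: one way to run the "note the IN= interface" check over Shorewall log lines, counting REJECTs addressed to the one-to-one NAT external addresses that arrived on an interface other than the expected one. The interface names (eth0, eth2), the address-to-interface mapping, the chain names and the sample log lines are constructed assumptions; the log prefix assumed is Shorewall's default "Shorewall:<chain>:<disposition>:".

```python
import re
from collections import Counter

# Assumed mapping (not from the thread): external one-to-one NAT address ->
# interface its traffic should arrive on. "eth0" is a placeholder name.
EXPECTED_IN = {"38.116.137.22": "eth0", "38.116.133.253": "eth0"}

# Assumes the default log prefix "Shorewall:<chain>:<disposition>:".
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):(?P<rest>.*)")

def parse(line):
    """Return the KEY=value fields of one Shorewall log line, or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = {"chain": m["chain"], "disp": m["disp"]}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if sep:  # bare flags such as SYN or DF carry no value
            rec[key] = value
    return rec

def unexpected_ingress(lines, expected=EXPECTED_IN):
    """Count REJECTs for a NAT address that arrived on the wrong interface."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None or rec["disp"] != "REJECT":
            continue
        want = expected.get(rec.get("DST"))
        # DST still being the external address means the NAT rule did not apply.
        if want is not None and rec.get("IN") != want:
            hits[(rec["DST"], rec.get("IN"), rec["chain"])] += 1
    return hits

# Constructed sample lines (not taken from the poster's 'shorewall dump').
SAMPLE = [
    "Apr  5 09:20:01 fw kernel: Shorewall:loc2fw:REJECT:IN=eth2 OUT= SRC=208.69.72.26 DST=38.116.137.22 LEN=60 PROTO=TCP SPT=40112 DPT=25 SYN",
    "Apr  5 09:20:04 fw kernel: Shorewall:loc2fw:REJECT:IN=eth2 OUT= SRC=208.69.72.26 DST=38.116.137.22 LEN=60 PROTO=TCP SPT=40112 DPT=25 SYN",
    "Apr  5 09:21:10 fw kernel: Shorewall:net2fw:REJECT:IN=eth0 OUT= SRC=208.69.72.26 DST=38.116.133.253 LEN=60 PROTO=TCP SPT=40120 DPT=25 SYN",
    "Apr  5 09:22:30 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=208.69.72.26 DST=38.116.137.22 LEN=60 PROTO=TCP SPT=40130 DPT=23 SYN",
    "Apr  5 09:23:00 fw sshd[812]: Accepted publickey for root",
]

if __name__ == "__main__":
    for (dst, iface, chain), n in unexpected_ingress(SAMPLE).items():
        print(f"{n} REJECT(s) for {dst} arrived on {iface} (chain {chain})")
```

A hit whose IN= is the LAN-side interface is the pattern you would see if the WAN and LAN segments were bridged, which is the second thing the reply says to check.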
