Sorry Tom, I sent you the dump without testing before. Now I attach a dump with previous testing connecting from 192.168.1.4 to port 80 with a new discover...
I realized, playing with shorewall show nat, that the number of packets in the counter matches what the limit is supposed to do; it looks like the limit is working.

The strange thing is that the requested HTTP page that I'm connecting to is updated every time I press F5 at a higher rate, giving me a different timestamp on every request. A different timestamp shows me that the cache is not acting and the request reaches its destination (192.168.2.2).

In other words, I press F5, I get a fresh page in response but the "shorewall show nat" counters remain at the same value. I wait a few seconds, hit F5 again, get a fresh page and the counter is increased.

It seems that the rate-limit works by cutting the DNAT rule (as the counter shows), but the request reaches its destination anyway. I can't understand why... I put the "public" IP of the firewall in the browser (192.168.1.135). Only a DNAT rule can take me to 192.168.2.2.

Regards.

2012/4/30 Tom Eastep <[email protected]>:
> On 04/30/2012 10:33 AM, Pau Beltrán wrote:
>> Sorry, from the IP 192.168.1.4
>>
>
> Something is wrong with your testing then, because *none* of your DNAT
> rules have been hit at all:
>
> Chain net_dnat (1 references)
>  pkts bytes target prot opt in out source    destination
>     0     0 DNAT   tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:7171 to:192.168.2.2
>     0     0 DNAT   tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:80 to:192.168.2.2:8090
>     0     0 DNAT   tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:8090 to:192.168.2.2:8090
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
shorewall_dump_ok.gz
Description: GNU Zip compressed data
