On Tuesday 25 September 2012 10:05:56 Tom Eastep wrote:
> On 09/25/2012 09:38 AM, Nuno Fernandes wrote:
> > Hello,
> >
> > I have shorewall version 4.5.4.2 installed.
> >
> > I have multiple isp configured and the following zones:
> >
> > fw firewall
> >
> > net ipv4
> >
> > loc ipv4
> >
> > tux:net ipv4
> >
> > In the interfaces file i have:
> >
> > loc eth0 - routeback
> >
> > net eth1 - dhcp,routeback
> >
> > net eth3 - dhcp,routeback
> >
> > eth1 and eth3 are the interfaces connected to the internet.
> >
> > The hosts file has:
> >
> > tux eth1:8.8.8.8
> >
> > tux eth3:8.8.8.8
> >
> > What i have in dnat chain the ips 8.8.8.8? Because of that DNAT rules
> > from the internet to my local servers don't get applied and i get
> > "connection refused".
> >
> > Chain dnat (1 references)
> >
> > pkts bytes target prot opt in out source destination
> >
> > 0 0 RETURN all -- eth1 * 8.8.8.8.8 0.0.0.0/0
> >
> > 0 0 RETURN all -- eth3 * 8.8.8.8.8 0.0.0.0/0
> >
> > 986 66082 net_dnat all -- eth1 * 0.0.0.0/0 0.0.0.0/0
> >
> > 60 2411 net_dnat all -- eth3 * 0.0.0.0/0 0.0.0.0/0
> >
> > Does anyone know what is the reason or what can i do to correct that?
>
> What is your setting for IMPLICIT_CONTINUE?
>
> -Tom
Hello,
# grep IMPLICIT_CONTINUE /etc/shorewall/shorewall.conf
IMPLICIT_CONTINUE=No
I'll read more info on that at home...
Best regards,
Nuno Fernandes
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
