From: Tom Eastep [mailto:[email protected]]
Sent: 2 July 2013 15:04

>I suspect that these hosts were sending packets prior to the firewall starting
>(before the DNAT rule was in place). We often see a similar problem with SIP.
>An un-NATTed connection tracking table entry gets created for them, and all
>subsequent packets are handled based on that entry.
>You can install the 'conntrack' utility and use it to remove the (un-NATTed)
>conntrack entries for these hosts; or simply 'shorewall restart -p'. Note that
>the latter command deletes *all* conntrack entries, which may cause some
>connections to be dropped.

That did the trick. Thanks.

>This problem can usually be prevented by installing and configuring
>Shorewall-init.

I'm looking into shorewall-init now. Thanks again.
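
The following is an added example, not part of the original message or of Shorewall: a shell function that picks out of `conntrack -L` output the entries a given host created without NAT, meaning the reply tuple is the exact mirror of the original tuple. The function name, the sample table and all addresses in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: list conntrack entries from one host that were created
# without NAT, i.e. whose reply tuple is the exact mirror of the original.

# Constructed sample in `conntrack -L` format (addresses are made up).
sample_table() {
cat <<'EOF'
udp      17 170 src=192.168.1.50 dst=203.0.113.10 sport=5060 dport=5060 src=203.0.113.10 dst=192.168.1.50 sport=5060 dport=5060 [ASSURED] mark=0 use=1
udp      17 170 src=192.168.1.51 dst=203.0.113.10 sport=5060 dport=5060 src=10.0.0.20 dst=192.168.1.51 sport=5060 dport=5060 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.50 dst=203.0.113.10 sport=40000 dport=80 src=10.0.0.20 dst=192.168.1.50 sport=80 dport=40000 [ASSURED] mark=0 use=1
EOF
}

# find_unnatted HOST: read conntrack -L output on stdin and print entries whose
# original source is HOST and whose reply tuple shows no address or port rewrite.
find_unnatted() {
    awk -v host="$1" '
    {
        ns = nd = nsp = ndp = 0
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^src=/)   src[++ns] = substr($i, 5)
            else if ($i ~ /^dst=/)   dst[++nd] = substr($i, 5)
            else if ($i ~ /^sport=/) sp[++nsp] = substr($i, 7)
            else if ($i ~ /^dport=/) dp[++ndp] = substr($i, 7)
        }
        # Need both tuples, and the original source must be the host of interest.
        if (ns < 2 || nd < 2 || src[1] != host) next
        # A DNATted entry has a reply source that differs from the original destination.
        if (src[2] != dst[1] || dst[2] != src[1]) next
        # Port-only rewrites also count as NAT (entries without ports skip this check).
        if (nsp >= 2 && ndp >= 2 && (sp[2] != dp[1] || dp[2] != sp[1])) next
        print
    }'
}

# Demo on the constructed table: only the first udp entry is printed.
sample_table | find_unnatted 192.168.1.50

# On a live firewall (as root): conntrack -L 2>/dev/null | find_unnatted HOST
# Then remove that host's entries with: conntrack -D -s HOST
# (this deletes every entry with that original source, NATted or not).
```
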
