Re: [Shorewall-users] routeback to same interface

Sun, 15 Sep 2013 07:14:44 -0700 

On 9/14/2013 1:38 PM, İlker Aktuna wrote:
> Thanks for analyzing it.
> This is not normal behaviour of netfilter right ?
> Where can I ask about netfilter issue ?
> 

I would start with Ubuntu. First, be sure that all available updates are
installed. Then if you still have the problem, submit a bug report.

I just performed a similar test on my up-to-date Debian 7 gateway and
the test worked as expected:

/etc/shorewall/zones:

dmz             ipv4

/etc/shorewall/interfaces:

dmz    br0              routeback,proxyarp=1,required,wait=30

/etc/shorewall/rules:

DNAT dmz dmz:70.90.191.125:80 tcp 80 - 70.90.191.121

/etc/shorewall/masq:

br0 70.90.191.120/29 70.90.191.121 tcp 80

root@gateway:~# uname -a
Linux gateway 3.2.0-4-amd64 #1 SMP Debian 3.2.46-1 x86_64 GNU/Linux
root@gateway:~#

Chain dmz-dmz (1 references)
 pkts bytes target     prot opt in     out     source
destination
    1    60 dynamic    all  --  *      *       0.0.0.0/0
0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
    9  1666 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0            ctstate ESTABLISHED
    0     0 +dmz-dmz   all  --  *      *       0.0.0.0/0
0.0.0.0/0            ctstate RELATED
    0     0 DROP       all  --  *      *       0.0.0.0/0
0.0.0.0/0            ctstate UNTRACKED
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0
70.90.191.125        ctorigdst 70.90.191.121 tcp dpt:80 ctorigdstport 80
<=============
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0

I used port 80 rather than a high port, but that is irrelevant.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/22/13. 
http://pubads.g.doubleclick.net/gampad/clk?id=64545871&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to