On 05-09-2014 16:37, Wayne S wrote:
At 9/5/2014 06:29 AM, you wrote:
Hi
We use a shorewall 4.4.11.6, with a 3 NIC setup (net - dmz -
localnet) that has been working flawlessly for years.
Now we have changed broadband provider and with it we've got new IP
addresses.
I've reconfigured shorewall with the new addresses and since then we
no longer have functioning DNAT for boxes that are forwarded from IP
different from the main IP address.
As far as I could see, for doing the provider change we only needed
to edit the params (params for main IP and extra IPs) and masq file
(main IP), apart from of course /etc/network/interfaces and
/etc/dhcp/dhcpd.conf
Having done those changes everything works OK, even DNAT from the
main IP to boxes on DMZ or localnet, whilst the DNAT rules for boxes
forwarded to from other IPs in the address range are not working at
all (ssh: connect to host 89.233.14.37 port 22: Connection timed out)
What is in your masq file? And what type of ISP connection do you
have? I have FiOS, which uses PPPoE, and the PPPoE link goes through a
10.0.0.0 IP address. Therefore I cannot include 10.0.0.0 in the masq
file without causing problems similar to yours.
The masq file is:

#INTERFACE SOURCE          ADDRESS       PROTO PORT(S) IPSEC MARK
eth0       10.0.0.0/8,\
           169.254.0.0/16,\
           172.16.0.0/12,\
           192.168.0.0/16  89.233.14.34

That is, we're using our main IP address for everything.
About the connection: it's a fiber connection, and on our end there is a
media converter and a switch; we connect our NIC to the switch. I don't
know the underlying technology.
Could I try having something else in the masq file? I tried removing it,
but nothing works any longer if I do that.
/paolo
Wayne S
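The masq file quoted above, parsed the way Shorewall reads it, as an added example that is not part of this thread or of Shorewall's own code. It assumes the 4.4-era column layout (INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK), that a trailing backslash continues an entry on the next line with the continuation's leading whitespace ignored, and that comma-separated SOURCE networks share one ADDRESS; the sample file is a constructed copy of the one in the message, and snat_address_for / snat_addresses are names chosen here. It answers the two questions a reader of this thread would want settled first: which public address outbound traffic from a given internal host is SNATed to, and which public addresses the masq file mentions at all.

```python
"""Parse a Shorewall 4.4-style masq file and answer SNAT questions about it.

Assumed layout (taken only from the file quoted in the thread):
INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK, with a trailing backslash
continuing an entry on the next line and commas separating SOURCE networks.
"""
import ipaddress
from typing import List, NamedTuple

# Constructed copy of the masq file quoted in the thread (not a live config).
MASQ_FILE = """\
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 10.0.0.0/8,\\
     169.254.0.0/16,\\
     172.16.0.0/12,\\
     192.168.0.0/16 89.233.14.34
"""


class MasqEntry(NamedTuple):
    interface: str                        # INTERFACE column (outgoing interface)
    sources: List[ipaddress.IPv4Network]  # SOURCE networks whose source gets rewritten
    address: str                          # ADDRESS column; "MASQUERADE" when absent or "-"


def join_continuations(text: str) -> List[str]:
    """Drop comments and blank lines; glue lines that end in a backslash.

    Assumption: leading whitespace on a continuation line is insignificant,
    so 'a,\\' followed by '   b' becomes 'a,b'.
    """
    entries, pending = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        entries.append(pending + line)
        pending = ""
    if pending:  # dangling backslash on the last line
        entries.append(pending)
    return entries


def parse_masq(text: str) -> List[MasqEntry]:
    """Turn the file into MasqEntry records (only the first three columns matter here)."""
    result = []
    for entry in join_continuations(text):
        cols = entry.split()
        if len(cols) < 2:
            raise ValueError(f"malformed masq entry: {entry!r}")
        nets = [ipaddress.ip_network(s, strict=False) for s in cols[1].split(",") if s]
        address = cols[2] if len(cols) > 2 and cols[2] != "-" else "MASQUERADE"
        result.append(MasqEntry(cols[0], nets, address))
    return result


def snat_address_for(entries: List[MasqEntry], interface: str, src_ip: str):
    """Return the ADDRESS that traffic from src_ip leaving interface is SNATed to.

    None means no masq entry matches, i.e. the packet leaves with its real source.
    First match wins, mirroring the top-down order of the file.
    """
    ip = ipaddress.ip_address(src_ip)
    for e in entries:
        if e.interface == interface and any(ip in net for net in e.sources):
            return e.address
    return None


def snat_addresses(entries: List[MasqEntry]) -> List[str]:
    """All fixed public addresses the masq file rewrites to, sorted.

    Handy for spotting which of a provider's extra IPs the file never mentions.
    """
    return sorted({e.address for e in entries if e.address != "MASQUERADE"})


if __name__ == "__main__":
    entries = parse_masq(MASQ_FILE)
    for host in ("192.168.1.10", "10.5.5.5", "203.0.113.9"):
        print(f"{host:>14} via eth0 -> SNAT {snat_address_for(entries, 'eth0', host)}")
    print("public addresses in masq:", snat_addresses(entries))
```

Running it shows that every RFC 1918 host leaving eth0 is SNATed to 89.233.14.34 and that 89.233.14.34 is the only public address the masq file knows about. The masq file only governs outbound source rewriting; inbound DNAT to 89.233.14.37 comes from the rules file, and whether that address is actually reachable on eth0 (bound as an alias, or routed to the box by the provider; `ip addr show eth0` shows the former) is a separate check from anything in masq.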
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users