-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2/21/20 12:20 PM, Bruce Bannerman wrote: > Hi Tom, > > I have some partial improvement that may help. > > > I have: > > * reset my nameserver to point each of my ‘servers’ to the IP > address of the external interface of my external router/modem. * on > the external router/modem, I configured WAN Port Forwarding to > point to several of the same /28 subnet external addresses as per > my previous emails: o http, https 203.214.66.103 > o smtp 203.214.66.100 o smtps, msa, imaps > 203.214.66.104 * made no changes to my shorewall configuration. * > made no changes to the network addresses or routing configuration > of my servers. * made no changes to my web server, or reverse proxy > server configuration. > > > When testing externally I can now access the website at > www.foss4climate.org <http://www.foss4climate.org>. However, access > is considerably slower than normal. > > NB: These tests were conducted soon after I made my nameserver > changes. While my laptop’s nameserver could get the correct URL for > the website. it had not picked up the correct URL for my mail > servers. So ignore the mail related connections. > > Also note that my shorewall configuration does not take account of > the router/modem's external interface, or IP address. It just > accounts for the modem’s internal IP Address. > > Shorewall Dump for test 3 is attached. > > IP Addresses in test 3: > > 203.214.66.97external router/modem gateway (internal interface) > > 203.214.66.103Reverse Proxy Server 172.16.4.203Web Server > 49.199.104.114Laptop’s updated IP address
Is seems to me that from the Shorewall box's point of view, this configuration should be no difference that the one where DNS resolves to the actual server addresses - by the time that packets reach the Shorewall system, they should look the same. Are you still seeing martian packets with this configuration? - -Tom - -- Tom Eastep \ Q: What do you get when you cross a mobster Shoreline, \ with an international standard? Washington, USA \ A: Someone who makes you an offer you http://shorewall.org \ can't understand \________________________________________ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIzBAEBCgAdFiEEFNMNR63CLO6yqbL8luaz8kI6TRAFAl5RcNYACgkQluaz8kI6 TRAXCxAAjY0ssYEUm1fVlBxYYmdnsXWyfkHjzupCFMxOMvpeCa1kUcm1ziKy4kMF uBbaU7/LqlUkckWUTAUlo1BrKk5qeZThfNrvcnZgychk74e5RPNUwjGw3Kmz44Vl RaEsApSmZrHwT4SJWdn82OJ8NH8PJA9aBVkOoDFb8yEUcE92PVJQzKoRB4OmoCJO tpRwbG2ptodLxi6DAZMklM18qkY81RxuVhyun7BTr9rVNZHQw5szD13t18ijDP3j QWFS2R0gre/abKrvSZPStE+lnLk0s83lMmELvBj9FT1zOw/WKLwwmvdEoGWGsYSo QDkr+h3KPrAnF8b6rF0Lj9oyQA+ofukv/G0E0iqy+5U2IhMsICPANsOirQr2UPXy kAq+VRwtwu8wQkQBrCdkBBZ8mJuLpnaeQs9OOzWIguMXcMNyq4cJL4Gx9OrGt4kD z4ZMEFbInap+AVoqz+Rf2oEKeue0PQhrC5vTJEJDoQTblcoG+ZVRO0X8j4rsN9lG Hw1TKctpKVAlRkYX/nyatFlgxYkS9AQ8jlNjWXYX9qXVDZmUvwSPqnVnYqDEmV8s L0JscT9xXGyCuYj/o0VRwWoYvrPOc13czGJzysg2z+uOKZKSCfvUfrcOc2jUC9fx 12q+lYv7cDpzD2/n+cOD8b9UJM2Imu/5tVmRgyoNmRvgxkHBRQk= =iAio -----END PGP SIGNATURE----- _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
