Regarding Martian packets: Yes, I’m still seeing many of them under the router/modem port forward configuration.
I’ll replace my modem tomorrow and try again. Thanks for the pointer. Kind regards, Bruce > On 23 Feb 2020, at 5:21 am, Tom Eastep <teas...@shorewall.net> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > >> On 2/21/20 12:20 PM, Bruce Bannerman wrote: >> Hi Tom, >> >> I have some partial improvement that may help. >> >> >> I have: >> >> * reset my nameserver to point each of my ‘servers’ to the IP >> address of the external interface of my external router/modem. * on >> the external router/modem, I configured WAN Port Forwarding to >> point to several of the same /28 subnet external addresses as per >> my previous emails: o http, https 203.214.66.103 >> o smtp 203.214.66.100 o smtps, msa, imaps >> 203.214.66.104 * made no changes to my shorewall configuration. * >> made no changes to the network addresses or routing configuration >> of my servers. * made no changes to my web server, or reverse proxy >> server > configuration. >> >> >> When testing externally I can now access the website at >> www.foss4climate.org <http://www.foss4climate.org>. However, access >> is considerably slower than normal. >> >> NB: These tests were conducted soon after I made my nameserver >> changes. While my laptop’s nameserver could get the correct URL for >> the website. it had not picked up the correct URL for my mail >> servers. So ignore the mail related connections. >> >> Also note that my shorewall configuration does not take account of >> the router/modem's external interface, or IP address. It just >> accounts for the modem’s internal IP Address. >> >> Shorewall Dump for test 3 is attached. >> >> IP Addresses in test 3: >> >> 203.214.66.97external router/modem gateway (internal interface) >> >> 203.214.66.103Reverse Proxy Server 172.16.4.203Web Server >> 49.199.104.114Laptop’s updated IP address > > Is seems to me that from the Shorewall box's point of view, this > configuration should be no difference that the one where DNS resolves > to the actual server addresses - by the time that packets reach the > Shorewall system, they should look the same. Are you still seeing > martian packets with this configuration? > > - -Tom > - -- > Tom Eastep \ Q: What do you get when you cross a mobster > Shoreline, \ with an international standard? > Washington, USA \ A: Someone who makes you an offer you > http://shorewall.org \ can't understand > \________________________________________ > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > > iQIzBAEBCgAdFiEEFNMNR63CLO6yqbL8luaz8kI6TRAFAl5RcNYACgkQluaz8kI6 > TRAXCxAAjY0ssYEUm1fVlBxYYmdnsXWyfkHjzupCFMxOMvpeCa1kUcm1ziKy4kMF > uBbaU7/LqlUkckWUTAUlo1BrKk5qeZThfNrvcnZgychk74e5RPNUwjGw3Kmz44Vl > RaEsApSmZrHwT4SJWdn82OJ8NH8PJA9aBVkOoDFb8yEUcE92PVJQzKoRB4OmoCJO > tpRwbG2ptodLxi6DAZMklM18qkY81RxuVhyun7BTr9rVNZHQw5szD13t18ijDP3j > QWFS2R0gre/abKrvSZPStE+lnLk0s83lMmELvBj9FT1zOw/WKLwwmvdEoGWGsYSo > QDkr+h3KPrAnF8b6rF0Lj9oyQA+ofukv/G0E0iqy+5U2IhMsICPANsOirQr2UPXy > kAq+VRwtwu8wQkQBrCdkBBZ8mJuLpnaeQs9OOzWIguMXcMNyq4cJL4Gx9OrGt4kD > z4ZMEFbInap+AVoqz+Rf2oEKeue0PQhrC5vTJEJDoQTblcoG+ZVRO0X8j4rsN9lG > Hw1TKctpKVAlRkYX/nyatFlgxYkS9AQ8jlNjWXYX9qXVDZmUvwSPqnVnYqDEmV8s > L0JscT9xXGyCuYj/o0VRwWoYvrPOc13czGJzysg2z+uOKZKSCfvUfrcOc2jUC9fx > 12q+lYv7cDpzD2/n+cOD8b9UJM2Imu/5tVmRgyoNmRvgxkHBRQk= > =iAio > -----END PGP SIGNATURE----- > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
