[Shorewall-newbies] net2all policy blocking "NAT 2 NAT" traffic

Eugene Ventimiglia eventi at yahoo.com
Thu Feb 19 07:58:08 PST 2004


I have the following in my zones file:
#ZONE   DISPLAY         COMMENTS
srv     Servers         Local servers
ofc     Office          Office workstations
net     Net             Internet

eth1 goes to the "srv" zone, and eth0 to "net" & "ofc" (differentiated in
hosts)

Policy:
#CLIENT         SERVER          POLICY          LOG LEVEL
$FW             all             ACCEPT
srv             all             ACCEPT
ofc             all             ACCEPT
net             all             DROP            info

I have the following in my nat file:
#EXTERNAL       INTERFACE       INTERNAL        ALL INTERFACES          LOCAL
68.167.117.18   eth0            192.168.3.18    yes                     yes
68.167.117.20   eth0            192.168.3.20    yes                     yes
68.167.117.21   eth0            192.168.3.21    yes                     yes
68.167.117.22   eth0            192.168.3.22    yes                     yes

I have the hostname for the computer at m-kube.com in a round robin DNS
(using 68.167.117.20 & 68.167.117.21), and both 192.168.3.20 & 192.168.3.21
configured on the same interface (It'll be two computers next week...)

Everything works smoothly from net or ofc, but when I try to reach
http://m-kube.com from the machine itself the log shows this:

Feb 19 06:21:41 mkfrwsrv-nyc001 kernel: Shorewall:net2all::IN=eth1 OUT=eth1 SRC=192.168.3.20 DST=192.168.3.20 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=64104 DF PROTO=TCP SPT=1224 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0

And pings work, but http doesn't connect.
Any ideas?
--E
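An added triage helper, not part of the original post or of Shorewall itself: it parses a Shorewall kernel log line of the form shown above into its chain, disposition and netfilter fields, then checks it against the one-to-one NAT table from the post to point out that the logged packet enters and leaves on the same interface with identical source and destination (a hairpin to the host's own NAT-internal address). The sample log line and NAT table are copied from the message; the function names are my own.

```python
import re

# Log line from the post, reflowed onto one line (constructed copy for testing).
SAMPLE_LOG = (
    "Feb 19 06:21:41 mkfrwsrv-nyc001 kernel: Shorewall:net2all::IN=eth1 OUT=eth1 "
    "SRC=192.168.3.20 DST=192.168.3.20 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=64104 DF "
    "PROTO=TCP SPT=1224 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0"
)

# One-to-one NAT table from the post: external address -> internal address.
NAT_TABLE = {
    "68.167.117.18": "192.168.3.18",
    "68.167.117.20": "192.168.3.20",
    "68.167.117.21": "192.168.3.21",
    "68.167.117.22": "192.168.3.22",
}

# syslog timestamp, host, then the "Shorewall:<chain>:<disposition>:" prefix.
PREFIX = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) kernel: "
    r"Shorewall:(?P<chain>[^:]*):(?P<disp>[^:]*):(?P<rest>.*)$"
)


def parse_shorewall_log(line):
    """Return a dict of the log line's fields; bare flags (DF, SYN) become True."""
    m = PREFIX.match(line)
    if not m:
        raise ValueError("not a Shorewall kernel log line")
    rec = {"stamp": m.group("stamp"), "host": m.group("host"),
           "chain": m.group("chain"), "disposition": m.group("disp")}
    for tok in m.group("rest").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value
        else:
            rec[tok] = True
    return rec


def classify(rec, nat_table):
    """List the traits that explain why a packet landed in a zone-policy chain."""
    internal = set(nat_table.values())
    notes = []
    if rec.get("IN") and rec.get("IN") == rec.get("OUT"):
        notes.append("hairpin: same interface in and out (%s)" % rec["IN"])
    if rec.get("SRC") and rec.get("SRC") == rec.get("DST"):
        notes.append("src == dst: host addressing itself")
    if rec.get("SRC") in internal:
        notes.append("SRC %s is a NAT internal address" % rec["SRC"])
    if rec.get("DST") in internal:
        notes.append("DST %s is a NAT internal address" % rec["DST"])
    return notes
```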
