[Shorewall-newbies] DNAT not working at all

Simon Cooper thecoop at runbox.com
Wed Jan 7 21:20:15 PST 2004


On Wed, 7 Jan 2004 13:13:04 -0800
Tom Eastep <teastep at shorewall.net> wrote:

> On Wednesday 07 January 2004 01:03 pm, Tom Eastep wrote:
> > On Wednesday 07 January 2004 12:59 pm, Tom Eastep wrote:
> > > The steps for troubleshooting port forwarding problems are given in FAQs
> > > 1a and 1b. According to your "shorewall status" output, at least one
> > > connection request was received from the internet and forwarded to your
> > > server at 192.168.0.9.
> >
> > In fact, a connection was established from 216.127.72.7:
> >
> > tcp      6 431992 ESTABLISHED src=216.127.72.7 dst=82.39.120.35 sport=45644
> > dport=9192 src=192.168.0.9 dst=216.127.72.7 sport=9192 dport=45644
> > [ASSURED] use=1
> 
> In other words whatever the problem is that is causing the connection to 
> appear to hang, it is NOT your DNAT rule. Also, the fact that the TCP session 
> can be established means that the default gateway on 192.168.0.9 is correct.
> 
> Can 192.168.0.9 do reverse DNS lookups ok (especially a reverse DNS lookup of 
> 216.127.72.7)?
> 
> -Tom
> -- 
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep at shorewall.net
> 
> 
> 
On the computer with the server:

nervada / # route 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
loopback        nervada.cooper. 255.0.0.0       UG    0      0        0 lo
default         router          0.0.0.0         UG    0      0        0 eth0

nervada / # ping router
PING router (192.168.0.10) 56(84) bytes of data.
64 bytes from router (192.168.0.10): icmp_seq=1 ttl=64 time=0.285 ms
64 bytes from router (192.168.0.10): icmp_seq=2 ttl=64 time=0.247 ms
64 bytes from router (192.168.0.10): icmp_seq=3 ttl=64 time=0.258 ms
64 bytes from router (192.168.0.10): icmp_seq=4 ttl=64 time=0.243 ms

--- router ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.243/0.258/0.285/0.019 ms

and it can access the internet fine, play online games etc...

Simon
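
The reading of the conntrack entry quoted above, written out as an added example that is not part of the original thread: it compares the original and reply tuples to show that the DNAT rewrite happened and that the handshake completed. `diagnose` is a hypothetical helper name, it handles TCP entries only, and the second sample entry is constructed for contrast.

```python
import re

# Constructed input: the entry quoted in the thread, joined onto one line the
# way /proc/net/ip_conntrack prints it.
THREAD_ENTRY = (
    "tcp      6 431992 ESTABLISHED src=216.127.72.7 dst=82.39.120.35 "
    "sport=45644 dport=9192 src=192.168.0.9 dst=216.127.72.7 "
    "sport=9192 dport=45644 [ASSURED] use=1"
)
# Constructed counter-example (documentation address 203.0.113.5): the DNAT
# rewrite happened, but no reply from the server has been seen by the firewall.
UNREPLIED_ENTRY = (
    "tcp      6 118 SYN_SENT src=203.0.113.5 dst=82.39.120.35 "
    "sport=40000 dport=9192 [UNREPLIED] src=192.168.0.9 dst=203.0.113.5 "
    "sport=9192 dport=40000 use=1"
)

TUPLE_FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def diagnose(entry):
    """Classify one TCP conntrack entry (hypothetical helper, TCP only)."""
    fields = entry.split()
    if fields[0] != "tcp":
        raise ValueError("this helper handles TCP entries only")
    state = fields[3]
    pairs = TUPLE_FIELD.findall(entry)
    if len(pairs) != 8:
        raise ValueError("expected an original and a reply tuple")
    orig, reply = dict(pairs[:4]), dict(pairs[4:])
    flags = re.findall(r"\[(\w+)\]", entry)
    # Without NAT the reply tuple is the original tuple mirrored. If the reply
    # source differs from the original destination, the destination was
    # rewritten: that is the DNAT rule taking effect.
    rewritten = (reply["src"], reply["sport"]) != (orig["dst"], orig["dport"])
    return {
        "dnat_to": f"{reply['src']}:{reply['sport']}" if rewritten else None,
        # UNREPLIED means no packet has been seen in the reply direction yet.
        "replied": "UNREPLIED" not in flags,
        # ESTABLISHED requires the full handshake, so the server's replies are
        # reaching the firewall (its default gateway is right).
        "established": state == "ESTABLISHED",
    }


if __name__ == "__main__":
    for name, entry in (("thread", THREAD_ENTRY), ("unreplied", UNREPLIED_ENTRY)):
        print(name, diagnose(entry))
```

An entry like the second one, forwarded but stuck unreplied, points at the server side (service not listening or replies routed elsewhere) rather than at the DNAT rule.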