[Shorewall-newbies] Masq not working.

Tom Eastep teastep at shorewall.net
Thu Jan 15 13:23:51 PST 2004


On Thursday 15 January 2004 01:23 pm, Tom Eastep wrote:
> On Thursday 15 January 2004 01:15 pm, Harding, Tyson wrote:
> > I have not seen Shorewall log anything to the syslog indicating it is
> > blocking the packets, but I see packets coming back from the web server
> > from port 80 to the firewall server.
> >
> > If I am using and reading the tcpdump correctly then the packet requests
> > are going out masqueraded. The response is coming back to the firewalls
> > external interface, and that is were it ends. The web server looks like
> > it retries a few times, then stops.
>
> Hmmm -- I don't think that I could configure Shorewall to behave that way
> if I tried.
>
> Have you tried:
>
> a) Running tcpdump on the internal interface?
> b) Looking at the output of "shorewall show connections" after you have
> tried to connect?

Also, which kernel version are you running. The MASQUERADE target is 
reportedly broken in 2.4.23.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




More information about the Shorewall-newbies mailing list