[Shorewall-users] eth1 to eth1
Wed, 3 Apr 2002 22:10:00 -0700
I've run into a problem with 1.2.10 and would like to request a more
experienced person's advice.
I'm using static NAT for my boxes behind the firewall.
126.96.36.199 -> 10.10.10.10
188.8.131.52 -> 10.10.10.20
I've got two domain names that are set up here.
Domain1.com - ip 218
Domain2.com - ip 219
When I try to send mail from Domain1.com to Domain2.com the firewall
stops me with a loc2loc:REJECT log message.
So I go into the policy file and set loc loc ACCEPT.
That doesn't work, so I try making a rule:
ACCEPT loc loc tcp smtp
That doesn't work either.
I find a workaround by making a common entry like so:
run_iptables -A FORWARD -i eth1 -o eth1 -p tcp --dport 25 -j ACCEPT
Now, for obvious reasons, this isn't ideal. I'd like to work with the
shorewall system for easier usage and maintenance, as I like the setup
and how it's done right now.
What I see as the problem/bug/feature is that loc2loc is not used
in either the INPUT, OUTPUT or FORWARD chains. It should be in
the FORWARD chain though. Am I correct or did I miss some configuration?
Thank you for any help you can give.