[Shorewall-users] dropped traffic?

Steve Postma spostma at travizon.com
Tue Dec 2 12:54:02 PST 2003


I have a redhat 9 machine with three nics/zones. On eth0 I have 20 IP's
attached . Every IP is DNAT'ed on various ports to various machines on the
dmz. Today I tried to bring up a webserver on the 20th secondary address
attached to eth0. If I attach a packet sniffers to each nic, I can see my
test traffic on eth0, but it is not being passed to the dmz, nor loc, nor is
it being logged. I have an IP on my loc nic dnated to the same webserver and
it works fine. My Policy is reject everywhere with info. My rules are 
 
 DNAT:info    net     dmz:192.168.5.11 tcp     80      -      12.45.241.220
DNAT:info    loc     dmz:192.168.5.11 tcp     80      -      10.5.75.228
(works)
 
Everything else on this firewall appears to work fine. I enabled icmp on the
IP address, pinged it from the net side, and the NIC that responded had the
correct MAC address. Any ideas where else to look?
Thanks for your time!


More information about the Shorewall-users mailing list