[Shorewall-users] problems

Tom Eastep teastep at shorewall.net
Tue Oct 21 11:12:08 PDT 2003


On Tue, 2003-10-21 at 09:51, Steve Postma wrote:
> The DNAT from the loc zone seems to not be working
> correctly. If I make a web request from the loc zone with a sniffer in both
> loc and dmz, I can see the request in both zones but the reply in only the
> dmz. The packets returning to loc seem to be getting dropped inbetween
> zones. There is nothing in /var/log/messages.  DNAT's from the net zone are
> passing traffic. I tried a shorewall restart, no change to the loc problem.
> Any ideas ?

Are the replies in the DMZ being sent to the proper host (is the
destination MAC address that of the firewall's DMZ interface)?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




More information about the Shorewall-users mailing list