[Shorewall-devel] Problem with DNAT

Johny Hazin jhazin at sistelhn.com
Tue Sep 7 14:01:11 PDT 2004


Hi
I have this configuration:

eth0      Link encap:Ethernet  HWaddr 00:C0:F0:54:DC:1E  
          inet addr:10.10.10.166  Bcast:10.10.10.167  Mask:255.255.255.248
          inet6 addr: fe80::2c0:f0ff:fe54:dc1e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1738708 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1538724 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1130239548 (1077.8 Mb)  TX bytes:248692331 (237.1 Mb)
          Interrupt:15 Base address:0xb000 

eth0:0    Link encap:Ethernet  HWaddr 00:C0:F0:54:DC:1E  
          inet addr:10.10.10.163  Bcast:10.10.10.167  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:15 Base address:0xb000 

eth1      Link encap:Ethernet  HWaddr 00:50:8B:E9:D3:7C  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:8bff:fee9:d37c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1803457 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1783929 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:261270108 (249.1 Mb)  TX bytes:1149310777 (1096.0 Mb)

Eth0  Net Zone (two IP addresses)
Eth1  Local Zone

On eth1 I have my email server, with the public IP 10.10.10.163. When I do the DNAT I have this:

Sep  5 11:13:55 ns kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:c0:f0:54:dc:1e:00:04:27:fd:6c:cb:08:00 SRC=205.240.205.176 DST=10.10.10.163 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=50942 DF PROTO=TCP SPT=62382 DPT=25 WINDOW=65148 RES=0x00 SYN URGP=0 

IN=eth0=OUT: this is my problem, it doesn't go out through eth1.

My /etc/shorewall/nat is
#ACTION     SOURCE  DEST                  PROTO  DEST          SOURCE        ORIGINAL  RATE   USER/
#                                                PORT          PORT(S)       DEST      LIMIT  GROUP
REDIRECT    loc     8080                  tcp    80            -             -         -      -
ACCEPT      all     all                   tcp    25,110,53,80  -             -         -      -
DNAT:info   net     loc:192.168.0.253:25  tcp    25            10.10.10.163  -         -      -

Thanks

Johny
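
An added example, not part of the original post and not Shorewall code: it lines up each field of the rules quoted above with the column header from the same post and reports any IPv4 address that lands in a port column. The column names are taken from the post's header comment; the function names are hypothetical.

```python
import ipaddress

# Column order as given by the header comment in the post.
COLUMNS = ["ACTION", "SOURCE", "DEST", "PROTO", "DEST PORT",
           "SOURCE PORT(S)", "ORIGINAL DEST", "RATE LIMIT", "USER/GROUP"]
PORT_COLUMNS = ("DEST PORT", "SOURCE PORT(S)")

# Rules copied from the post.
RULES = """\
REDIRECT        loc     8080    tcp     80      -       -       -       -
ACCEPT  all     all     tcp     25,110,53,80   -       -       -      -
DNAT:info       net     loc:192.168.0.253:25    tcp     25      10.10.10.163       -       -       -
"""

def is_ip(value):
    """True if value is a literal IPv4/IPv6 address (not a port or '-')."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def parse_rules(text):
    """Split each non-comment line on whitespace and label fields by column."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        fields += ["-"] * (len(COLUMNS) - len(fields))  # pad omitted columns
        rows.append(dict(zip(COLUMNS, fields)))
    return rows

def misplaced_addresses(rows):
    """Return (rule number, action, column, value) for addresses in port columns."""
    findings = []
    for n, row in enumerate(rows, 1):
        for col in PORT_COLUMNS:
            if is_ip(row[col]):
                findings.append((n, row["ACTION"], col, row[col]))
    return findings

if __name__ == "__main__":
    for n, action, col, value in misplaced_addresses(parse_rules(RULES)):
        print(f"rule {n} ({action}): {value} is in column {col}")
```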


