  1. #1
    Just Joined!
    Join Date
    Aug 2010
    Posts
    2

    Shorewall SNAT problem


    Running the latest Shorewall on Ubuntu 10.04 server.

    Got a Netopia router that serves internet to the 192.168 network. My shorewall's eth1 nic is on that network at 192.168.100.253.

    My Shorewall's eth0 nic is 10.10.23.102. I'm trying to route packets from the internet, through the Netopia, into Shorewall's 192 nic, and out the 10 nic to another machine on the 10 range (10.10.1.5).

    Got SNAT set up in masq like this:
    #INTERFACE:DEST SOURCE ADDRESS
    eth0:10.10.1.5 eth1 10.10.23.102

    I shouldn't need the 10.10.23.102 addy. I've tried this with and without.

    When I ping from the Netopia, it gets replies. I can see with tcpdump that Shorewall is rewriting the source address from Netopia's 192 addy to Shorewall's 10.10.23.102.

    But when I try to ping from the internet, Netopia forwards the packet with the original source address, and so does Shorewall.

    How can I tell Shorewall to rewrite it so the internal machine knows to send the packet back through Shorewall?

    Alternatively, anyone know why the Netopia is not rewriting it? I'm much less familiar with Netopia.

  2. #2
    Just Joined!
    Join Date
    Aug 2010
    Posts
    2

    Solved

    Solved it. Told it to do the SNAT regardless of source (0.0.0.0/0) and that did it.

    Don't see why, though. For some reason, I guess Shorewall thought the packet wasn't coming from eth1.

    If anybody knows why, I'd be interested.
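
Added example, not part of the original thread: the shorewall-masq documentation says an interface name in the SOURCE column is expanded, using the main routing table, to the addresses routed through that interface. The Python model below shows what that implies for the two masq entries in this thread; the routing table, prefix lengths, router address and internet address are constructed assumptions.

```python
import ipaddress

# Constructed routing table (network, interface). The prefix lengths are
# assumptions: the thread gives only host addresses, not netmasks.
ROUTES = [("192.168.100.0/24", "eth1"), ("10.10.0.0/16", "eth0")]

def expand_source(source, routes=ROUTES):
    """Return the networks a masq SOURCE value covers.

    An interface name is replaced by the networks routed through it;
    anything else is parsed as an address or network.
    """
    via_iface = [ipaddress.ip_network(n) for n, dev in routes if dev == source]
    return via_iface or [ipaddress.ip_network(source, strict=False)]

def snat_applies(packet_src, packet_dst, rule):
    """True if the rule's destination and expanded SOURCE both match."""
    dst_ok = ipaddress.ip_address(packet_dst) in ipaddress.ip_network(rule["dest"])
    src = ipaddress.ip_address(packet_src)
    return dst_ok and any(src in net for net in expand_source(rule["source"]))

def rewritten_source(packet_src, packet_dst, rule):
    """Source address the internal machine sees after the firewall."""
    if snat_applies(packet_src, packet_dst, rule):
        return rule["address"]
    return packet_src

# masq entry from the first post: eth0:10.10.1.5  eth1  10.10.23.102
ORIGINAL = {"dest": "10.10.1.5", "source": "eth1", "address": "10.10.23.102"}
# masq entry after the fix in the second post: SOURCE is 0.0.0.0/0
FIXED = dict(ORIGINAL, source="0.0.0.0/0")

NETOPIA = "192.168.100.1"  # constructed: the router's address is not in the thread
INTERNET = "203.0.113.7"   # constructed: documentation-range address

if __name__ == "__main__":
    for label, rule in (("SOURCE=eth1", ORIGINAL), ("SOURCE=0.0.0.0/0", FIXED)):
        for who, src in (("Netopia", NETOPIA), ("internet", INTERNET)):
            seen = rewritten_source(src, "10.10.1.5", rule)
            print(f"{label:18} ping from {who:8} arrives with source {seen}")
```

Under these assumptions the forwarded internet packet does arrive on eth1, but its source address lies outside the networks routed through eth1, so the `eth1` entry never matches it.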
