Shorewall SNAT problem
Running the latest Shorewall on Ubuntu 10.04 server.
Got a Netopia router that serves internet to the 192.168 network. My shorewall's eth1 nic is on that network at 192.168.100.253.
My Shorewall's eth0 nic is 10.10.23.102. I'm trying to route packets from the internet, through the Netopia, into Shorewall's 192 nic, and out the 10 nic to another machine on the 10 range (10.10.1.5).
Got SNAT set up in masq like this:
#INTERFACE:DEST SOURCE ADDRESS
eth0:10.10.1.5 eth1 10.10.23.102
I shouldn't need the 10.10.23.102 addy. I've tried this with and without.
When I ping from the Netopia, it gets replies. I can see with tcpdump that Shorewall is rewriting the source address from Netopia's 192 addy to Shorewall's 10.10.23.102.
But when I try to ping from the internet, Netopia forwards the packet with the original source address, and so does Shorewall.
How can I tell Shorewall to rewrite it so the internal machine knows to send the packet back through Shorewall?
Alternatively, anyone know why the Netopia is not rewriting it? I'm much less familiar with Netopia.
Solved it. Told it to do the SNAT regardless of source (0.0.0.0/0) and that did it.
Don't see why, though. For some reason, I guess Shorewall thought the packet wasn't coming from eth1.
If anybody knows why, I'd be interested.
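As an added example that is not part of the original thread, the Python model below shows why the SOURCE column made the difference. In Shorewall's masq file an interface name in the SOURCE column is resolved when the firewall is compiled into the subnet(s) configured on that interface, so `eth1` becomes a match on 192.168.100.0/24 rather than on "packets that arrived via eth1". A packet the Netopia forwards with its original internet source address never falls in that subnet, so the SNAT rule is skipped, while `0.0.0.0/0` matches any source. The interface table, the /24 masks, the Netopia address 192.168.100.1 and the internet source 203.0.113.7 are all constructed stand-ins, not values from the post; only the two masq lines and 10.10.1.5/10.10.23.102 come from it.

```python
import ipaddress
from typing import Optional

# Constructed interface table standing in for the Shorewall box in the post.
# The /24 masks are assumptions; the post gives only the addresses.
INTERFACES = {
    "eth0": ipaddress.ip_interface("10.10.23.102/24"),
    "eth1": ipaddress.ip_interface("192.168.100.253/24"),
}


def resolve_source(source: str) -> ipaddress.IPv4Network:
    """Return the network a masq SOURCE column value matches.

    An interface name is resolved to the subnet configured on that interface
    (so 'eth1' becomes 192.168.100.0/24, i.e. a source-address match, not an
    incoming-interface match); anything else is parsed as a CIDR or host.
    """
    if source in INTERFACES:
        return INTERFACES[source].network
    return ipaddress.ip_network(source, strict=False)


def parse_entry(line: str) -> dict:
    """Parse one masq line: INTERFACE[:DEST] SOURCE [ADDRESS]."""
    iface_dest, source, *rest = line.split()
    iface, _, dest = iface_dest.partition(":")
    address: Optional[str] = rest[0] if rest else None
    return {
        "out_iface": iface,
        "dest": ipaddress.ip_network(dest, strict=False) if dest else None,
        "source_net": resolve_source(source),
        "address": address,
    }


def snat(entry: dict, pkt: dict) -> dict:
    """Return the packet as it leaves the firewall, rewritten if the entry matches."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    if pkt["out_iface"] != entry["out_iface"]:
        return pkt                       # wrong outgoing interface
    if entry["dest"] is not None and dst not in entry["dest"]:
        return pkt                       # destination restriction (eth0:10.10.1.5)
    if src not in entry["source_net"]:
        return pkt                       # SOURCE column does not match
    # An empty ADDRESS column means MASQUERADE: use the outgoing interface's own address.
    new_src = entry["address"] or str(INTERFACES[entry["out_iface"]].ip)
    return {**pkt, "src": new_src}


ORIGINAL = "eth0:10.10.1.5 eth1 10.10.23.102"        # entry from the post
FIXED = "eth0:10.10.1.5 0.0.0.0/0 10.10.23.102"      # the fix from the post

# Constructed packets: one originated on the Netopia itself, one forwarded by the
# Netopia from the internet with its original source address intact.
FROM_NETOPIA = {"out_iface": "eth0", "src": "192.168.100.1", "dst": "10.10.1.5"}
FROM_INTERNET = {"out_iface": "eth0", "src": "203.0.113.7", "dst": "10.10.1.5"}


def demo() -> dict:
    """Source address seen by 10.10.1.5 for each entry and each packet."""
    out = {}
    for name, line in (("original", ORIGINAL), ("fixed", FIXED)):
        entry = parse_entry(line)
        out[name] = {
            "netopia": snat(entry, FROM_NETOPIA)["src"],
            "internet": snat(entry, FROM_INTERNET)["src"],
        }
    return out


if __name__ == "__main__":
    for name, seen in demo().items():
        print(f"{name:8s} netopia->{seen['netopia']}  internet->{seen['internet']}")
```

With the original entry the Netopia-originated ping is rewritten to 10.10.23.102 but the internet-sourced one keeps 203.0.113.7, which is exactly the tcpdump observation in the post; with `0.0.0.0/0` both are rewritten, so 10.10.1.5 replies to the firewall's own address. The trade-off is that the fixed entry also hides the real client address from 10.10.1.5 for every connection to it, so its logs will only ever show 10.10.23.102.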