Add additional DNAT debugging advice to the FAQ

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3921 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-05-18 16:07:10 +00:00
parent 6f324a0f79
commit 6f1bcedcfd

View File

@ -17,7 +17,7 @@
</author>
</authorgroup>
<pubdate>2006-03-14</pubdate>
<pubdate>2006-05-18</pubdate>
<copyright>
<year>2001-2006</year>
@ -238,6 +238,17 @@ DNAT net loc:&lt;l<emphasis>ocal IP address</emphasis>&gt;[:&lt;<emphasis>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>If the packet count is non-zero, check your log to see if
the connection is being dropped or rejected. If it is, then you
may have a zone definition problem such that the server is in a
different zone than what is specified in the DEST column. At a
root promt, type "<command>shorewall show zones</command>" then be
sure that you have specified in the DEST column the first zone in
the list that matches the OUT=&lt;dev&gt; and the DEST=
&lt;ip&gt;from the REJECT/DROP log message.</para>
</listitem>
</itemizedlist>
</section>