I've read the docs, I've experimented, and I've looked at everything I know to look at, and I know I'm going to feel REALLY silly when I get the answer, but right now I'm stuck.

I have these lines in the rules file:
SECTION NEW
FTP/ACCEPT net fw
SSH/ACCEPT net fw
Web/ACCEPT net fw
NTP/ACCEPT net fw
ACCEPT fw fw tcp 3306 # which I shouldn't need
ACCEPT net fw tcp 3306 #ditto
DNAT fw net:216.115.115.250:3307 tcp 3306 -

Policy:
fw net ACCEPT
net all DROP info
all all REJECT info

Zones:
fw firewall
net ipv4

telnet'ing to 111.111.111.111 port 3307 works just fine. But when I try to telnet to localhost port 3306, I get a timeout. No messages in the logs, and netstat on the remote machine shows nothing.

What obvious, simple, easy thing am I missing?

Thank you!

j

--
Joshua Kugler
Lead System Admin -- Senior Programmer
http://www.eeinternet.com
PGP Key: http://pgp.mit.edu/ ID 0xDB26D7CE
PO Box 80086 -- Fairbanks, AK 99708 -- Ph: 907-456-5581 Fax: 907-456-3111

Joshua J. Kugler wrote:
> What obvious, simple, easy thing am I missing?

How to submit a problem report, for starters. See http://www.shorewall.net/support.htm#Guidelines.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Joshua J. Kugler wrote:
> I've read the docs, I've experimented, and I've looked at everything I know to
> look at, and I know I'm going to feel REALLY silly when I get the answer, but
> right now I'm stuck.
>
> I have these lines in the rules file:
> SECTION NEW
> FTP/ACCEPT net fw
> SSH/ACCEPT net fw
> Web/ACCEPT net fw
> NTP/ACCEPT net fw
> ACCEPT fw fw tcp 3306 # which I shouldn't need
> ACCEPT net fw tcp 3306 #ditto
> DNAT fw net:216.115.115.250:3307 tcp 3306 -
>
> Policy:
> fw net ACCEPT
> net all DROP info
> all all REJECT info
>
> Zones:
> fw firewall
> net ipv4
>
> telnet'ing to 111.111.111.111 port 3307 works just fine. But when I try to
> telnet to localhost port 3306, I get a timeout.

I've experimented with this as well and apparently this is another one of those cases where the 127.0.0.0/8 subnet doesn't obey the rules. If you place 1.2.3.4 in the ORIGINAL DEST column, then if you attempt to connect to 1.2.3.4:3306, it will work.

Sorry -- I see nothing that Shorewall could do differently that would help.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

On Wednesday 28 March 2007 17:42, Tom Eastep wrote:
> Joshua J. Kugler wrote:
> > What obvious, simple, easy thing am I missing?
>
> How to submit a problem report, for starters. See
> http://www.shorewall.net/support.htm#Guidelines.

Right...I do know about the shorewall dump guidelines. I've posted problems following the guidelines before, but in this case 1) I was frustrated, 2) I was in a hurry, and 3) I had hoped that the files I included provided enough detail. I apologize. I'll try to be more thorough in the future!

On Wednesday 28 March 2007 18:43, Tom Eastep wrote:
> > DNAT fw net:216.115.115.250:3307 tcp 3306 -
> >
> > Policy:
> > fw net ACCEPT
> > net all DROP info
> > all all REJECT info
> >
> > Zones:
> > fw firewall
> > net ipv4
> >
> > telnet'ing to 111.111.111.111 port 3307 works just fine. But when I try
> > to telnet to localhost port 3306, I get a timeout.
>
> I've experimented with this as well and apparently this is another one of
> those cases where the 127.0.0.0/8 subnet doesn't obey the rules. If you
> place 1.2.3.4 in the ORIGINAL DEST column, then if you attempt to connect
> to 1.2.3.4:3306, it will work.
>
> Sorry -- I see nothing that Shorewall could do differently that would help.

No problem. Thanks for the reply. I'll do the 1.2.3.4 hack for now until the product I'm using properly supports specifying the MySQL port. :)

Thank you very much!

j

--
Joshua Kugler
Lead System Admin -- Senior Programmer
http://www.eeinternet.com
PGP Key: http://pgp.mit.edu/ ID 0xDB26D7CE
PO Box 80086 -- Fairbanks, AK 99708 -- Ph: 907-456-5581 Fax: 907-456-3111
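
Added example, not part of the original thread and not Shorewall code: a small check for a Shorewall rules file that flags DNAT rules sourced from the firewall zone which leave ORIGINAL DEST empty or point it into 127.0.0.0/8, the case discussed above. It assumes the standard rules column order (ACTION, SOURCE, DEST, PROTO, DEST PORT, SOURCE PORT, ORIGINAL DEST) and firewall zone names `fw`/`$FW`; the function names are hypothetical and the sample rules are constructed from the rule in the thread.

```python
import ipaddress

# Shorewall rules columns, in order (only the first seven matter here).
COLUMNS = ("action", "source", "dest", "proto", "dport", "sport", "origdest")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample: the thread's DNAT rule, the same rule with the
# 1.2.3.4 workaround in ORIGINAL DEST, and one naming loopback itself.
SAMPLE_RULES = """\
SECTION NEW
SSH/ACCEPT  net  fw
ACCEPT      net  fw                        tcp  3306   # ditto
DNAT        fw   net:216.115.115.250:3307  tcp  3306  -
DNAT        fw   net:216.115.115.250:3307  tcp  3306  -  1.2.3.4
DNAT        $FW  net:216.115.115.250:3307  tcp  3306  -  127.0.0.1
"""

def parse_rules(text):
    """Yield (line_number, {column: value}) for each rule line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if not fields or fields[0] in ("SECTION", "?SECTION"):
            continue
        yield number, dict(zip(COLUMNS, fields))

def is_loopback(value):
    """True if an ORIGINAL DEST entry lies inside 127.0.0.0/8."""
    try:
        return ipaddress.ip_network(value, strict=False).subnet_of(LOOPBACK)
    except (ValueError, TypeError):
        return False  # not a plain IPv4 address or network

def check_fw_dnat(text, fw_names=("fw", "$FW")):
    """Return (line_number, message) for DNAT rules from the firewall zone
    that have no ORIGINAL DEST or one inside 127.0.0.0/8."""
    findings = []
    for number, rule in parse_rules(text):
        if not rule["action"].startswith("DNAT") or rule.get("source") not in fw_names:
            continue
        orig = rule.get("origdest", "-")
        if orig == "-":
            findings.append((number, "no ORIGINAL DEST; set a non-loopback address"))
        elif any(is_loopback(item) for item in orig.split(",")):
            findings.append((number, "ORIGINAL DEST is in 127.0.0.0/8"))
    return findings

if __name__ == "__main__":
    for number, message in check_fw_dnat(SAMPLE_RULES):
        print(f"rules:{number}: {message}")
```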