Ricardo Kleemann
2004-Jan-07 20:42 UTC
does /etc/shorewall/nat take precedence over /etc/shorewall/rules?
Hi,

I was wondering what the effect of having an entry in /etc/shorewall/nat is in comparison to entries in /etc/shorewall/rules.

I have these entries:

in rules:
DNAT net loc:192.168.1.246 tcp 25 - 38.118.152.245

in nat:
38.118.152.245 eth0 192.168.1.245 no no

So nat would typically map everything on external .245 to internal .245, but my entry in rules attempts to override that and map port 25 for .245 to the .246 server.

Server .246 is accepting connections normally; however if I try to connect to the external IP .245 on port 25, I get a connection timed out. So it doesn't seem the entry in rules is taking effect.

Any suggestions?

Thanks
Ricardo
Tom Eastep
2004-Jan-07 20:43 UTC
Re: does /etc/shorewall/nat take precedence over /etc/shorewall/rules?
On Wednesday 07 January 2004 12:42 pm, Ricardo Kleemann wrote:
> Hi,
>
> I was wondering what the effect of having an entry in
> /etc/shorewall/nat is in comparison to entries in
> /etc/shorewall/rules.
>
> I have these entries:
>
> in rules:
> DNAT net loc:192.168.1.246 tcp 25 - 38.118.152.245
>
> in nat:
> 38.118.152.245 eth0 192.168.1.245 no no
>
> So nat would typically map everything on external .245 to
> internal .245, but my entry in rules attempts to override
> that and map port 25 for .245 to the .246 server.
>
> Server .246 is accepting connections normally; however if I
> try to connect to the external IP .245 on port 25, I get a
> connection timed out. So it doesn't seem the entry in rules
> is taking effect.
>
> Any suggestions?

Look at the NAT_BEFORE_RULES option in shorewall.conf

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
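
Added example (not part of the thread, and not Shorewall's own code): a simplified Python model of why the port-25 DNAT rule from the question is shadowed when the one-to-one entry from /etc/shorewall/nat is evaluated first, and how the ordering that NAT_BEFORE_RULES controls changes the result. It assumes first-match-wins destination rewriting; `Rule`, `build_chain`, `translate` and `shadowed` are hypothetical names.

```python
# Simplified model (assumption): destination NAT is first-match-wins, and
# NAT_BEFORE_RULES only decides which group of rules is evaluated first.
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    source: str            # Shorewall file the rule came from
    orig_dest: str         # external address the rule matches
    proto: Optional[str]   # None = any protocol
    port: Optional[int]    # None = any port
    new_dest: str          # internal address the packet is rewritten to

# The two entries quoted in the question.
NAT_ENTRY = Rule("nat", "38.118.152.245", None, None, "192.168.1.245")
DNAT_RULE = Rule("rules", "38.118.152.245", "tcp", 25, "192.168.1.246")

def build_chain(nat_before_rules):
    """Order the two rule groups as the option name implies."""
    return [NAT_ENTRY, DNAT_RULE] if nat_before_rules else [DNAT_RULE, NAT_ENTRY]

def covers(rule, dest, proto, port):
    """True if `rule` matches a packet (or narrower rule) with these fields."""
    return (rule.orig_dest == dest
            and rule.proto in (None, proto)
            and rule.port in (None, port))

def translate(dest, proto, port, nat_before_rules):
    """Return (file, new destination) for the first matching rule, else None."""
    for rule in build_chain(nat_before_rules):
        if covers(rule, dest, proto, port):
            return rule.source, rule.new_dest
    return None

def shadowed(nat_before_rules):
    """Files whose rule can never fire because an earlier rule covers it."""
    chain = build_chain(nat_before_rules)
    return [r.source for i, r in enumerate(chain)
            if any(covers(e, r.orig_dest, r.proto, r.port) for e in chain[:i])]

if __name__ == "__main__":
    for setting in (True, False):
        print("NAT_BEFORE_RULES=%s" % ("Yes" if setting else "No"),
              "| tcp/25 ->", translate("38.118.152.245", "tcp", 25, setting),
              "| tcp/80 ->", translate("38.118.152.245", "tcp", 80, setting),
              "| shadowed:", shadowed(setting))
```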