I'm having trouble making DNAT work the way I think it should. I'm using Shorewall 1.2 and iptables 1.2.5.1.

What I need to do is forward udp port 500 packets addressed to the firewall machine from the net to a machine behind the firewall.

I have NAT_ENABLED set to "yes"

I am masquerading the machine that I want to forward the incoming packets to.

I have the following statement in /etc/shorewall/rules:

    DNAT net:203.11.22.121/32 wep:192.168.10.22 udp 500
         ^^the source machine ^^my destination behind the firewall

"wep" and "net" are defined in my interfaces file and work fine for everything else.

I get the following message upon doing a shorewall start:

    Error: Invalid Target in rule "DNAT net:202.12.92.210/32 wep:192.168.0.2 udp 500"

Helppppp!

Roy Barkas
rbarkas@usa.net

----- Original Message -----
From: "Roy Barkas" <rbarkas@usa.net>
To: <shorewall-users@shorewall.net>
Sent: Wednesday, July 03, 2002 10:47 AM
Subject: [Shorewall-users] DNAT help

> I'm having trouble making DNAT work the way I think it should. I'm
> using Shorewall 1.2 and iptables 1.2.5.1.

Probably DNAT rules work only in the 1.3 version of Shorewall ...

> I have the following statement in /etc/shorewall/rules:
>
> DNAT net:203.11.22.121/32 wep:192.168.10.22 udp 500
>
> ^^the source machine ^^my destination behind the
> firewall

Check this (1.2):

    ACCEPT net wep:192.168.10.10:500 udp 500 - 203.11.22.121

Check this (1.3)...

    DNAT net wep:192.168.10.10 udp 500 - 203.11.22.121

... or this (1.3):

    DNAT net wep:192.168.10.10:500 udp 500 - 203.11.22.121

Regards
-------
Dario Lesca (d.lesca@ivrea.osra.it)

On Wed, 3 Jul 2002, Roy Barkas wrote:

> I'm having trouble making DNAT work the way I think it should. I'm
> using Shorewall 1.2 and iptables 1.2.5.1.
>
> What I need to do is forward udp port 500 packets addressed to the
> firewall machine from the net to a machine behind the firewall.
>
> I have NAT_ENABLED set to "yes"
>
> I am masquerading the machine that I want to forward the incoming
> packets to.
>
> I have the following statement in /etc/shorewall/rules:
>
> DNAT net:203.11.22.121/32 wep:192.168.10.22 udp 500
>
> ^^the source machine ^^my destination behind the
> firewall
>
> "wep" and "net" are defined in my interfaces file and work fine for
> everything else.
>
> I get the following message upon doing a shorewall start:
>
> Error: Invalid Target in rule "DNAT net:202.12.92.210/32 wep:192.168.0.2
> udp 500"
>
> Helppppp!
>

You're using 1.3 syntax with Shorewall 1.2.

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep   \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net