Shorewall users - May 2003 - Question about port forwarding

I am using the following entry (in ''rules'')  to try to forward
incoming
(''net'') port 635 to tomcat port 8080(''loc''):
 
DNAT    net    loc:192.168.1.200:8080    tcp    635
 
no packets are rec''d at the server (as shown by ''shorewall
show nat'').
 
However, if I change the tomcat port to 635 and rewrite the above line
as
 
DNAT    net    loc:192.168.1.200    tcp    635
 
it works fine and packets are forwarded appropriately.
 
What is wrong with the first entry? 
 
(This looks sooo much like FAQ #1 and #1a that Im bracing myself for the
reply)

On Wed, 14 May 2003 06:48:14 -0700, jon yeargers <jony@lupinesystems.net> 
wrote:
> I am using the following entry (in ''rules'')  to try to
forward incoming
> (''net'') port 635 to tomcat port
8080(''loc''):
> DNAT    net    loc:192.168.1.200:8080    tcp    635
> no packets are rec''d at the server (as shown by
''shorewall show nat'').
By ''server'' do you mean 192.168.1.200? Or do you mean the
firewall?
> However, if I change the tomcat port to 635 and rewrite the above line
> as
> DNAT    net    loc:192.168.1.200    tcp    635
> it works fine and packets are forwarded appropriately.
> What is wrong with the first entry?
> (This looks sooo much like FAQ #1 and #1a that Im bracing myself for the
> reply)
There''s nothing wrong with the first entry -- your results
don''t make
sense...

Please restore the setup that has tomcat on port 8080 and then follow the 
procedure outlined at http://www.shorewall.net/support.htm under the red 
underlined heading "If you are having connection problems of any
kind".

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net