hi, i have a shorewall 1.4.4b and iptables 1.2.8 running. i want to forward the smtp port to e.g port 26. i tried with e.g.: DNAT net dmz:10.0.0.1:26 tcp smtp - 234.234.234.234 but this rule has no effect. any ideas ?
On Mon, 2003-06-16 at 06:57, Andreas Kuehl wrote:> hi, > > i have a shorewall 1.4.4b and iptables 1.2.8 running. i want to forward the > smtp port to e.g port 26. > > i tried with e.g.: > > DNAT net dmz:10.0.0.1:26 tcp smtp - 234.234.234.234 > > but this rule has no effect. > > any ideas ?FAQ''s 1a and 1b describe the recommended steps for debugging port forwarding problems. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
i tried these two steps without being successfull i checked the net_dnat chain, this is ok, but shorewall don?t use it. -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: Montag, 16. Juni 2003 16:07 To: Andreas Kuehl Cc: shorewall-users@lists.shorewall.net Subject: Re: [Shorewall-users] DNAT and port forward problem On Mon, 2003-06-16 at 06:57, Andreas Kuehl wrote:> hi, > > i have a shorewall 1.4.4b and iptables 1.2.8 running. i want to forwardthe> smtp port to e.g port 26. > > i tried with e.g.: > > DNAT net dmz:10.0.0.1:26 tcp smtp - 234.234.234.234 > > but this rule has no effect. > > any ideas ?FAQ''s 1a and 1b describe the recommended steps for debugging port forwarding problems. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
On Mon, 2003-06-16 at 07:39, Andreas Kuehl wrote:> i tried these two steps without being successfull > > i checked the net_dnat chain, this is ok, but shorewall don?t use it.What does that mean? -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
shorewall does not execute this dnat rule. this is realy crazy! i have a running transparent http-proxy. therefore i am using DNAT and portforwarding. this works perfekt with no problem. -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: Montag, 16. Juni 2003 16:48 To: Andreas Kuehl Cc: shorewall-users@lists.shorewall.net Subject: RE: [Shorewall-users] DNAT and port forward problem On Mon, 2003-06-16 at 07:39, Andreas Kuehl wrote:> i tried these two steps without being successfull > > i checked the net_dnat chain, this is ok, but shorewall don?t use it.What does that mean? -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
On Mon, 2003-06-16 at 08:04, Andreas Kuehl wrote:> shorewall does not execute this dnat rule.Shorewall *never* executes rules -- Netfilter executes rules.> > this is realy crazy! > > i have a running transparent http-proxy. therefore i am using DNAT and > portforwarding. this works perfekt with no problem.Please follow *exactly* the instructions at http://www.shorewall.net/support.htm under the red bold heading "If you are having connection problems of any kind then:" -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
;-) -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: Montag, 16. Juni 2003 17:11 To: Andreas Kuehl Cc: shorewall-users@lists.shorewall.net Subject: RE: [Shorewall-users] DNAT and port forward problem On Mon, 2003-06-16 at 08:04, Andreas Kuehl wrote:> shorewall does not execute this dnat rule.Shorewall *never* executes rules -- Netfilter executes rules.> > this is realy crazy! > > i have a running transparent http-proxy. therefore i am using DNAT and > portforwarding. this works perfekt with no problem.Please follow *exactly* the instructions at http://www.shorewall.net/support.htm under the red bold heading "If you are having connection problems of any kind then:" -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
On Mon, 2003-06-16 at 08:24, Andreas Kuehl wrote:> may i email you the information ? > > -----Original Message----- > From: Tom Eastep [mailto:teastep@shorewall.net] > Sent: Montag, 16. Juni 2003 17:11 > To: Andreas Kuehl > Cc: shorewall-users@lists.shorewall.net > Subject: RE: [Shorewall-users] DNAT and port forward problem > > > On Mon, 2003-06-16 at 08:04, Andreas Kuehl wrote: > > shorewall does not execute this dnat rule. > > Shorewall *never* executes rules -- Netfilter executes rules. > > > > > this is realy crazy! > > > > i have a running transparent http-proxy. therefore i am using DNAT and > > portforwarding. this works perfekt with no problem. > > Please follow *exactly* the instructions at > http://www.shorewall.net/support.htm under the red bold heading "If you > are having connection problems of any kind then:"To close this thread, Andreas is using static NAT and was trying to also do port-mapping; this requires NAT_BEFORE_RULES=No in /etc/shorewall/shorewall.conf. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net