Hi everyone.

I am running into a small problem with a dnat on shorewall. I have a firewall where I do various dnat to internal servers.
No problem at all with the web server, the smtp and pop server and one ftp server.
But when I redirect the telnet (I know it is not safe) and ftp to the internal IBM AS400 I am hitting a "wall".
Looking at the tcp/ip packet on the internal connection I can see my incoming request to the as400 telnet port being passed on to the proper internal IP address, but no reply back from the AS400.

Looking for the difference between the current ipchains firewall and shorewall, the only one I can see is that the source port on my telnet request when passed on to the as400 is in the 64000 range, which I think is not accepted by the as400.

Any idea, or am I looking at the wrong tree?

Bernard

On Mon, 2003-07-28 at 14:19, Bernard Varaine wrote:
> Hi everyone.
>
> I am running into a small problem with a dnat on shorewall. I have a
> firewall where I do various dnat to internal servers.
> no problem at all with the web server, the smtp and pop server and one
> ftp server.
> but when I redirect the telnet (I know it is not safe) and ftp to the
> internal IBM AS400 I am hitting a "wall".
> looking at the tcp/ip packet on the internal connection I can see my
> incoming request to the as400 telnet port being passed on to the proper
> internal IP address, but no reply back from the AS400.
>
> Looking for the difference between the current ipchains firewall and
> shorewall the only one I can see is that the source port on my telnet
> request when passed on to the as400 is in the 64000 range which I think
> is not accepted by the as400.
>
> any idea or am I looking at the wrong tree?
>

The symptoms you describe would usually indicate that the as400 default gateway is set to an address other than that of the firewall's internal interface.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Hi,

I try to open a port. I add a rule:

    DNAT net loc:192.168.1.2 1444 -

During check I got the message "Error Invalid Target" for this rule.

Shorewall is version 1.2.9 running on Mandrake 9.0.

What could be wrong?

Maciek

--- Maciek <maciekr@pf.pl> wrote:
> Hi,
>
> I try to open a port. I add a rule:
>
> DNAT net loc:192.168.1.2 1444 -
>
> during check I got message Error Invalid Target for this rule.
>
> Shorewall is 1.2.9 version running on Mandrake 9.0.
>
> What could be wrong?

Is 192.168.1.2 the firewall or the PC behind the firewall?

You have the port specified but not the protocol (tcp or udp):

    DNAT net loc:192.168.1.2 tcp 1444 -

JBanks

On Tue, 2003-08-19 at 02:12, Maciek wrote:
> Hi,
>
> I try to open a port. I add a rule:
>
> DNAT net loc:192.168.1.2 1444 -
>
> during check I got message Error Invalid Target for this rule.
>
> Shorewall is 1.2.9 version running on Mandrake 9.0.
>
> What could be wrong?

Your version of Shorewall dates from March 2002 -- the DNAT rule syntax was introduced in May 2002. The version of Shorewall that you are running hasn't been supported for 5 months now.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net