Tom Eastep wrote:
> Freedman, Daniel B - Arlington, VA - Contractor wrote:
>
>> Thanks Tom,
>>
>> I rebuilt Accounting from tar and hand walked all the rules, zones,
>> interfaces, and such.
>>
>> Now Shorewall starts and I can get into services but the DNAT's are not
>> working.
>>
>> I used the simple form
>>
>> DNAT net loc:192.168.0.9 tcp 110
>> DNAT net loc:192.168.0.9 tcp 25
>>
>> With the objective to get from outside public IP on NET to Local IP
>> .0.9 for ports 25 & 110
>>
>> When I telnet from outside to the public on those ports it times out,
>> but the local ports are live within the local net and do respond.
>>
>> ?? any thoughts
>
>
> DNAT debugging is discussed extensively in FAQs 1a and 1b.
>
Dan,
In the future, please avoid off-list replies to me -- I usually just
ignore them.
Given that you run Mandrake, I suspect that the above rules are using
the wrong local zone name; there are warnings about this scattered all
over the Shorewall documentation -- there's even a note on the Shorewall
home page (Hint: your *real* local zone is called 'masq' but Mandrake
left the 'loc' zone definition in the /etc/shorewall/zones file just to
confuse you).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
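
As an added illustration (not part of the original message and not Shorewall's own code), the Python sketch below checks for the situation Tom describes: a rule names a zone that is still listed in the zones file but has no interface assigned to it. The file contents are constructed samples; the interface names, the column layout shown, and the default firewall zone name `fw` are assumptions.

```python
# Constructed sample files modelled on the thread; not the poster's real config.
ZONES = """\
#ZONE   DISPLAY     COMMENTS
net     Net         Internet
masq    Masquerade  Local network actually in use
loc     Local       Left-over definition
"""
INTERFACES = """\
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
masq    eth1        detect
"""
RULES = """\
#ACTION SOURCE  DEST              PROTO   DPORT
DNAT    net     loc:192.168.0.9   tcp     110
DNAT    net     loc:192.168.0.9   tcp     25
"""

def rows(text):
    """Yield whitespace-split columns, skipping blank lines and '#' comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def unbound_zone_rules(zones, interfaces, rules, hosts=""):
    """Return (rule, zone, reason) for each rule zone that no traffic can match."""
    defined = {r[0] for r in rows(zones)}
    # A zone is usable only if an interfaces or hosts entry assigns it.
    bound = {r[0] for r in rows(interfaces) if r[0] != "-"}
    bound |= {r[0] for r in rows(hosts)}
    findings = []
    for r in rows(rules):
        for field in r[1:3]:                    # SOURCE and DEST columns
            zone = field.split(":", 1)[0]       # strip ":address" suffix
            if zone in ("all", "fw") or zone in bound:
                continue                        # 'fw' default name is assumed
            reason = ("no interface or hosts entry" if zone in defined
                      else "not in zones file")
            findings.append((" ".join(r), zone, reason))
    return findings

if __name__ == "__main__":
    for rule, zone, reason in unbound_zone_rules(ZONES, INTERFACES, RULES):
        print(f"{rule!r}: zone {zone!r} {reason}")
```

With the sample above both DNAT rules are reported for zone `loc`; pointing them at `masq` clears the findings.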