Hi all,
I have a firewall problem with accessing an internal router with 2 public IP
addresses and one internal IP address. Port 25 should be mapped by Shorewall
to internal port 825 for one of the addresses. Connection is established,
but only with the same port without redirection.
I am using Shorewall 1.4.7 and three interfaces. Here are some sample
cutouts from my configuration files. The last rule doesn't work, but I don't
know why. After deleting the nat entry for this address it worked for a
short period. Please help me to repair the error and to understand what's
going wrong!
#zones
net Net Internet
loc004 loc004 4 Net
loc041 loc041 41 Net
loc Local Local networks
dmz DMZ Demilitarized zone
#hosts
loc004 eth1:192.168.4.0/24
loc041 eth1:192.168.41.0/24
loc eth1:192.168.0.0/16
net eth0:0.0.0.0/0
#interfaces
net eth0 217.157.163.255 norfc1918,dropunclean,routefilter
- eth1 detect dropunclean,newnotsyn
dmz eth2 172.16.6.255 dropunclean
#masq
eth0 eth1!192.168.41.254
eth0 eth2 217.157.163.220
#nat
217.157.163.139 eth0:1 192.168.41.254 no no
217.157.163.140 eth0:2 192.168.41.254 no no
#policy
loc004 all CONTINUE
loc041 all CONTINUE
loc dmz DROP INFO
loc net DROP INFO
loc fw DROP INFO
dmz net DROP INFO
fw net DROP INFO
net all DROP INFO
all all REJECT INFO
#rules
ACCEPT:info net loc041:192.168.41.254 icmp 8
ACCEPT:info loc net icmp 8
ACCEPT:info loc004 net tcp http,https,pop3,smtp,ftp,imap
ACCEPT:info loc041:192.168.41.254 net tcp http,https,pop3,smtp,ftp,ldap,nntp,imap,ssh
ACCEPT:info net loc041:192.168.41.254 tcp http,https,pop3,smtp,imap,ftp,ssh,825
DNAT:info net loc041:192.168.41.254 all - - 217.157.163.139
DNAT:info net loc041:192.168.41.254:825 tcp 25,825 - 217.157.163.140
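Added example, not part of the post and not Shorewall code: a small parser for the nat and rules fragments quoted above that lists, per DNAT rule, which (protocol, port) on the public address is rewritten to which internal host and port, and which public addresses appear in both the one-to-one nat file and a DNAT rule (the poster notes that removing the nat entry changed the behaviour). It assumes the Shorewall 1.4 rules column layout ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE PORT(S) ORIGINAL DEST and the nat layout EXTERNAL INTERFACE INTERNAL.

```python
from dataclasses import dataclass
from typing import Optional
# Constructed copies of the nat and rules fragments quoted in the post.
NAT = """\
217.157.163.139 eth0:1 192.168.41.254 no no
217.157.163.140 eth0:2 192.168.41.254 no no
"""
RULES = """\
ACCEPT:info net loc041:192.168.41.254 tcp http,https,pop3,smtp,imap,ftp,ssh,825
DNAT:info net loc041:192.168.41.254 all - - 217.157.163.139
DNAT:info net loc041:192.168.41.254:825 tcp 25,825 - 217.157.163.140
"""
@dataclass
class DnatRule:
    dest_host: Optional[str]  # host part of DEST (zone:host:port)
    dest_port: Optional[str]  # port rewrite in DEST; None keeps the original port
    proto: str
    dports: tuple             # DEST PORT(S) matched on the incoming packet
    orig_dest: Optional[str]  # ORIGINAL DEST, i.e. the public address that was hit

def _lines(text):
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            yield line.split()
def parse_nat(text):
    """One-to-one nat file -> {external_ip: internal_ip}."""
    return {cols[0]: cols[2] for cols in _lines(text)}

def parse_dnat_rules(text):
    """Rules file in the Shorewall 1.4 column layout; keeps only DNAT actions."""
    rules = []
    for cols in _lines(text):
        if cols[0].split(":", 1)[0] != "DNAT":  # action may carry a :info log level
            continue
        cols += ["-"] * (7 - len(cols))         # pad omitted trailing columns
        _, _src, dest, proto, dports, _sports, orig = cols[:7]
        parts = dest.split(":") + [None, None]  # zone, host, port (host/port optional)
        rules.append(DnatRule(parts[1], parts[2], proto,
                              tuple(dports.split(",")) if dports != "-" else (),
                              None if orig == "-" else orig))
    return rules

def port_map(rule):
    """(proto, port matched on the public address) -> (internal host, rewritten port)."""
    return {(rule.proto, p): (rule.dest_host, rule.dest_port) for p in rule.dports or ("*",)}

def overlapping_externals(nat, rules):
    """Public addresses that appear both in the one-to-one nat file and in a DNAT rule."""
    return sorted({r.orig_dest for r in rules if r.orig_dest in nat})
```

For the fragments above, both public addresses are reported as present in the nat file and in a DNAT rule, and the .140 rule maps tcp 25 and 825 to 192.168.41.254:825.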