Hi, I'm struggling with a simple problem and need some help.

I have a remote XP laptop connecting with SSH to my linux firewall (RH9, kernel 2.6) and creating a tunnel to port 5995 on the firewall. So now traffic going from the laptop localhost port 5902 is tunnelled to my firewall port 5995. That's working fine.

On my local network I have an XP box I want to control with RealVNC 4. VNC viewer from the firewall to the XP box works fine.

I'm trying to forward port 5995 on the firewall to host 192.168.2.101 port 5900 and can't make it work.

I have tried almost everything in the rules file to no avail.

I used to do that with no problems with guarddog/guidedog but decided to give shorewall a try.

Any help is appreciated.

Thanks,
Laurent
Laurent on Dellus.com wrote:
> Hi,
>
> I'm struggling with a simple problem and need some help.
>
> I have a remote XP laptop connecting with SSH to my linux firewall (RH9,
> kernel 2.6) and creating a tunnel to port 5995 on the firewall. So now
> traffic going from the laptop localhost port 5902 is tunnelled to my
> firewall port 5995. That's working fine.
>
> On my local network I have an XP box I want to control with RealVNC 4. VNC
> viewer from the firewall to the XP box works fine.
>
> I'm trying to forward port 5995 on the firewall to host 192.168.2.101 port
> 5900 and can't make it work.
>
> I have tried almost everything in the rules file to no avail.
>
> I used to do that with no problems with guarddog/guidedog but decided to
> give shorewall a try.
>
> Any help is appreciated.

DNAT fw loc:192.168.2.101:5900 tcp 5995 - 127.0.0.1

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
Hi Tom,

Thanks for your quick reply.

Your solution doesn't work although I'm sure it's correct. I was close, I just forgot the localhost at the end.

It doesn't work because I get:

iptables: Invalid argument
Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
Terminated

I'm using iptables v1.2.9.

My kernel is 2.6.7.

Thanks,
Laurent
Laurent on Dellus.com wrote:
> Hi Tom,
>
> Thanks for your quick reply.
>
> Your solution doesn't work although I'm sure it's correct. I was close, I just forgot the localhost at the end.
>
> It doesn't work because I get:
>
> iptables: Invalid argument
> Processing /etc/shorewall/stop ...
> IP Forwarding Enabled
> Processing /etc/shorewall/stopped ...
> Terminated
>
> I'm using iptables v1.2.9.
>
> My kernel is 2.6.7.
>

Your kernel apparently doesn't support DNAT in the output chain. That's a build-time option. I know that the solution works because I tested it.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
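To make Tom's point concrete, here is an added example (not Shorewall's own code, and a simplification of what it really generates) that translates a rules-file DNAT line like the one above into the iptables nat command it corresponds to. A SOURCE of fw lands the rule in the nat OUTPUT chain, which is exactly the chain Laurent's kernel could not DNAT in; the zone-to-interface map is a constructed assumption.

```python
#!/usr/bin/env python3
"""Map a Shorewall-style DNAT rule line to the iptables nat command it implies.

Column order assumed (Shorewall 2.x rules file):
  ACTION SOURCE DEST PROTO DEST_PORT SOURCE_PORT ORIGINAL_DEST   ('-' = unset)
Added example for illustration only; Shorewall itself emits more than this.
"""
import re
from typing import Dict

# Constructed zone -> interface map; a real setup reads this from the
# Shorewall interfaces/zones files.
ZONE_IF = {"net": "eth0", "loc": "eth1"}


def parse_rule(line: str) -> Dict[str, str]:
    """Split one DNAT rule line into its named columns."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "DNAT":
        raise ValueError("not a DNAT rule: %r" % line)
    fields += ["-"] * (7 - len(fields))          # pad missing trailing columns
    m = re.fullmatch(r"(\w+):([\d.]+)(?::(\d+))?", fields[2])
    if not m:
        raise ValueError("DEST must be zone:ip[:port]: %r" % fields[2])
    return {"src": fields[1], "dzone": m.group(1), "dip": m.group(2),
            "newport": m.group(3), "proto": fields[3], "dport": fields[4],
            "sport": fields[5], "origdest": fields[6]}


def to_iptables(line: str) -> str:
    """Return the equivalent 'iptables -t nat' command as a string."""
    r = parse_rule(line)
    # Traffic originating on the firewall itself (zone fw) never passes
    # PREROUTING; it can only be DNATed in the nat OUTPUT chain.
    chain = "OUTPUT" if r["src"] == "fw" else "PREROUTING"
    cmd = ["iptables", "-t", "nat", "-A", chain]
    if chain == "PREROUTING":
        cmd += ["-i", ZONE_IF[r["src"]]]        # match the ingress interface
    cmd += ["-p", r["proto"]]
    if r["origdest"] != "-":
        cmd += ["-d", r["origdest"]]            # ORIGINAL DEST, e.g. 127.0.0.1
    cmd += ["--dport", r["dport"]]
    target = r["dip"] + (":" + r["newport"] if r["newport"] else "")
    cmd += ["-j", "DNAT", "--to-destination", target]
    return " ".join(cmd)


if __name__ == "__main__":
    print(to_iptables("DNAT fw loc:192.168.2.101:5900 tcp 5995 - 127.0.0.1"))
```

Running the translator over the rule from this thread shows an OUTPUT-chain DNAT; if the kernel was built without local NAT support, that is the command iptables rejects with "Invalid argument".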
Hi Tom,

You were correct about the missing support for DNAT in my kernel. The local nat support was actually missing but that's of course exactly what I needed.

Thanks a lot for your help and sorry for bothering you.

Laurent