Shorewall users - Feb 2005 - DNAT Entry In Rules Isn''t Working...

So I finally got shorewall up with my linux box, which pipes out to a
switch, and then my machines...

Problem now is on my one machine, I have a remote admin server running on
port 4899... So since I''m using masq, I added a DNAT entry in my rules
instead of an ACCEPT


DNAT	net	loc:192.168.1.3	tcp	4899

So when I try to access my remote admin using my external IP, even from
inside, I can''t connect. I have no problems connecting using the local
192.168.1.3 address... of course this is useless since I need access from
outside =)

Am I missing something tha would allow this to work? I copied the example
for the web server in the rules file, and just switched the ports.

Dan Mayer wrote:
> So I finally got shorewall up with my linux box, which pipes out to a
> switch, and then my machines...
> 
> Problem now is on my one machine, I have a remote admin server running on
> port 4899... So since I''m using masq, I added a DNAT entry in my
rules
> instead of an ACCEPT
> 
> 
> DNAT	net	loc:192.168.1.3	tcp	4899
> 
> So when I try to access my remote admin using my external IP, even from
> inside,
You cannot connect from the inside using the external IP -- see FAQ 2.

I can''t connect. I have no problems connecting using the
local
> 192.168.1.3 address... of course this is useless since I need access from
> outside =)
> 
> Am I missing something tha would allow this to work? I copied the example
> for the web server in the rules file, and just switched the ports.
Please follow the DNAT troubleshooting instructions in FAQs 1a and 1b.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key