I apologize beforehand for my newbie question, but I have done the research and I still can't find a solution.

Shoreline 1.4.8

Problem: Firewall isn't allowing me to port forward to server
Port Open = 3389 (RDP)
Line added for Port Forwarding:

DNAT net loc:192.168.42.5 tcp 3389

Error Produced:

Mar 11 06:37:40 net2allROP:IN=ppp0 OUT=eth1 SRC=64.x.x.xxx DST=192.168.42.2 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=42157 DF PROTO=TCP SPT=58605 DPT=3389 WINDOW=64512 RES=0x00 SYN URGP=0

Shorewall restart

I have no idea why the firewall isn't port forwarding as stated in this line. Any ideas??? Any help is more than welcomed. Internet connectivity is fine.

Rob W.

Robert G.Walden wrote:
> I apologize beforehand for my newbie question, but I have done the research and I still can't find a solution.
> Shoreline 1.4.8

Please upgrade at your earliest convenience -- Shorewall 1.4 is no longer supported.

> Problem: Firewall isn't allowing me to port forward to server
> Port Open = 3389 (RDP)
> Line added for Port Forwarding:DNAT net loc:192.168.42.5 tcp 3389
> Error Produced:
>
> Mar 11 06:37:40 net2allROP:IN=ppp0 OUT=eth1 SRC=64.x.x.xxx DST=192.168.42.2 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=42157 DF PROTO=TCP SPT=58605 DPT=3389 WINDOW=64512 RES=0x00 SYN URGP=0
>
> Shorewall restart
>
> I have no idea why the firewall isn't port forwarding as stated in this line. Any ideas??? Any help is more than welcomed. Internet connectivity is fine.

Please read http://shorewall.net/support.htm for information about how to submit a problem report. Pay particular attention to the part that begins THIS IS IMPORTANT!.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> Robert G.Walden wrote:
>
>> I apologize beforehand for my newbie question, but I have done the research and I still can't find a solution.
>> Shoreline 1.4.8
>
> Please upgrade at your earliest convenience -- Shorewall 1.4 is no
> longer supported.
>
>> Problem: Firewall isn't allowing me to port forward to server
>> Port Open = 3389 (RDP)
>> Line added for Port Forwarding:DNAT net loc:192.168.42.5 tcp 3389
>> Error Produced:
>>
>> Mar 11 06:37:40 net2allROP:IN=ppp0 OUT=eth1 SRC=64.x.x.xxx DST=192.168.42.2 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=42157 DF PROTO=TCP SPT=58605 DPT=3389 WINDOW=64512 RES=0x00 SYN URGP=0
>>
>> Shorewall restart
>>
>> I have no idea why the firewall isn't port forwarding as stated in this line. Any ideas??? Any help is more than welcomed. Internet connectivity is fine.
>
> Please read http://shorewall.net/support.htm for information about how
> to submit a problem report. Pay particular attention to the part that
> begins THIS IS IMPORTANT!.
>

Before you do that though, here is something to check. The destination IP address is being rewritten to 192.168.42.2 but your DNAT rule specifies 192.168.42.5. This means that the address is being rewritten BEFORE the packet passes through the 'nat' table DNAT rule generated by your rule.

In Shorewall 1.4, by default entries in /etc/shorewall/nat were applied BEFORE entries in the rules file; do you have an entry for 64.x.x.xxx <-> 192.168.42.2 in your /etc/shorewall/nat file?

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
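
The check described in the last reply, as an added example that is not part of the original thread or of Shorewall: it compares the DST in the logged packet with the DNAT rule's target and looks for a static NAT entry that explains the difference. The nat file entry, its external address and the column order (EXTERNAL, INTERFACE, INTERNAL, ...) are assumptions; the function names are hypothetical.

```python
# Log line and rule are copied from the thread. The nat file entry is
# constructed: 203.0.113.10 is a placeholder external address, and the
# column order EXTERNAL INTERFACE INTERNAL ... is an assumption.
LOG = ("Mar 11 06:37:40 net2allROP:IN=ppp0 OUT=eth1 SRC=64.x.x.xxx "
       "DST=192.168.42.2 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=42157 DF "
       "PROTO=TCP SPT=58605 DPT=3389 WINDOW=64512 RES=0x00 SYN URGP=0")
RULE = "DNAT net loc:192.168.42.5 tcp 3389"
NAT_FILE = """\
#EXTERNAL      INTERFACE  INTERNAL      ALL  LOCAL
203.0.113.10   ppp0       192.168.42.2  no   no
"""

def parse_log(line):
    """Return the KEY=VALUE fields of a netfilter log line as a dict."""
    fields = {}
    for tok in line.split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            fields[key.rsplit(":", 1)[-1]] = val  # drop log prefix before IN=
    return fields

def parse_dnat(rule):
    """Return (target_ip, proto, port) from a rules-file DNAT line."""
    action, _src, dest, proto, port = rule.split()[:5]
    if action != "DNAT":
        raise ValueError("not a DNAT rule")
    return dest.split(":")[1], proto.lower(), port

def nat_internals(text):
    """Return {internal_ip: external_ip} from nat file content."""
    out = {}
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()  # ignore comments and blanks
        if len(cols) >= 3:
            out[cols[2]] = cols[0]
    return out

def diagnose(log, rule, nat_text):
    f = parse_log(log)
    target, proto, port = parse_dnat(rule)
    if f.get("PROTO", "").lower() != proto or f.get("DPT") != port:
        return "unrelated"            # packet is not the one the rule covers
    if f["DST"] == target:
        return "dnat-applied"         # DNAT rewrote it; look at policy instead
    if f["DST"] in nat_internals(nat_text):
        return "static-nat-first"     # nat file entry rewrote DST before DNAT
    return "rewritten-elsewhere"
if __name__ == "__main__":
    print(diagnose(LOG, RULE, NAT_FILE))
```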