I am having a problem that I really just don't get....

I have this in my rules file:

DNAT net loc:192.168.1.2 tcp 21 21

Everything worked fine earlier today.. Now it is dropping packets destined for Port 21

/var/log/messages:

Dec 14 00:36:39 pcp08479598pcs kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:0b:6a:3f:e6:72:00:01:5c:22:92:42:08:00 SRC=24.210.36.92 DST=68.57.216.61 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=50625 DF PROTO=TCP SPT=8753 DPT=21 WINDOW=64512 RES=0x00 SYN URGP=0

From shorewall check :

Validating rules file...
   Rule "DNAT net loc:192.168.1.2 tcp 21 21 " checked.
Validating Actions...

From iptables -L

Chain net2loc (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             192.168.1.2         tcp spt:ftp dpt:ftp
net2all    all  --  anywhere             anywhere

From what I can tell, it should be working as expected, but it's not.

Any ideas??
-----Original Message-----
From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On behalf of Gary E. Terry
Sent: Wednesday, December 14, 2005 06:42
To: shorewall-users@lists.sourceforge.net
Subject: [Shorewall-users] DNAT config not working

I am having a problem that I really just don't get....

I have this in my rules file:

DNAT net loc:192.168.1.2 tcp 21 21

Everything worked fine earlier today.. Now it is dropping packets destined for Port 21

/var/log/messages:

Dec 14 00:36:39 pcp08479598pcs kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:0b:6a:3f:e6:72:00:01:5c:22:92:42:08:00 SRC=24.210.36.92 DST=68.57.216.61 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=50625 DF PROTO=TCP SPT=8753 DPT=21 WINDOW=64512 RES=0x00 SYN URGP=0

From shorewall check :

Validating rules file...
   Rule "DNAT net loc:192.168.1.2 tcp 21 21 " checked.
Validating Actions...

===========================

Hello

The DNAT rule shown here says that the source and destination port is 21 also. This is wrong as you come from port 8753 or any port above 1024.

A rule like "DNAT net loc:192.168.1.2 tcp 21 -" where 21 is only the destination port works better.

Manuel
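A small checker for the mismatch discussed in this thread, added here as an example and not code from either poster or from Shorewall: it compares the PROTO, DEST PORT(S) and SOURCE PORT(S) columns of a rules line with the fields of the logged packet. The function names are hypothetical, ports are assumed to be numeric, and zones and addresses are not checked.

```python
import re

# Leading Shorewall rules columns: ACTION SOURCE DEST PROTO DEST-PORT(S) SOURCE-PORT(S)
COLUMNS = ("action", "source", "dest", "proto", "dport", "sport")

# Rule and log line as posted in the thread; FIXED is the rule suggested in the reply.
BROKEN = "DNAT net loc:192.168.1.2 tcp 21 21"
FIXED = "DNAT net loc:192.168.1.2 tcp 21 -"
LOG = ("Dec 14 00:36:39 pcp08479598pcs kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
       "MAC=00:0b:6a:3f:e6:72:00:01:5c:22:92:42:08:00 SRC=24.210.36.92 "
       "DST=68.57.216.61 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=50625 DF PROTO=TCP "
       "SPT=8753 DPT=21 WINDOW=64512 RES=0x00 SYN URGP=0")

def parse_rule(line):
    """Split a rules line into named columns; '-' or a missing column means 'any'."""
    rule = dict(zip(COLUMNS, line.split("#", 1)[0].split()))
    for col in ("proto", "dport", "sport"):
        if rule.get(col, "-") == "-":
            rule[col] = None
    return rule

def parse_log(line):
    """Extract the KEY=VALUE fields of a netfilter log line (flags like SYN are skipped)."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", line))

def port_matches(spec, port):
    """True if port is covered by spec: None (any), 'a', 'a,b' or 'lo:hi' (numeric only)."""
    if spec is None:
        return True
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        low = int(lo or 0)
        high = int(hi) if hi else (65535 if sep else low)
        if low <= port <= high:
            return True
    return False

def mismatches(rule_line, log_line):
    """Return the rule columns that keep the logged packet from matching the rule."""
    rule, pkt = parse_rule(rule_line), parse_log(log_line)
    bad = []
    if rule["proto"] and rule["proto"].upper() != pkt["PROTO"]:
        bad.append("proto")
    if not port_matches(rule["dport"], int(pkt["DPT"])):
        bad.append("dport")
    if not port_matches(rule["sport"], int(pkt["SPT"])):
        bad.append("sport")
    return bad

if __name__ == "__main__":
    for name, rule in (("posted rule", BROKEN), ("suggested rule", FIXED)):
        print(f"{name}: {rule!r} -> mismatched columns: {mismatches(rule, LOG) or 'none'}")
```
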
Thank you Manuel!

----- Original Message -----
From: "Manuel Goepfert" <manuel@escapade.ch>
To: <shorewall-users@lists.sourceforge.net>
Sent: Wednesday, December 14, 2005 2:35 AM
Subject: RE: [Shorewall-users] DNAT config not working

> Hello
>
> The DNAT rule shown here says that the source and destination port is 21 also. This is wrong as you come from port 8753 or any port above 1024.
>
> A rule like "DNAT net loc:192.168.1.2 tcp 21 -" where 21 is only the destination port works better.
>
> Manuel