Shorewall users - Dec 2006 - DNAT Not Working; Attempts Not Logged

System: Tinysofa 2 (Odin)
Shorewall ver. 3.2.5
interfaces:
net    eth0    192.168.111.2 mask 255.255.255.252 gw 192.168.111.1
loc    eth1    192.168.0.11  mask 255.255.255.0

trying to forward HTTP connections from 192.168.111.1 (net) on eth0
(net) to local address 192.168.0.9 (a web server) - attempts not even
logged (using debug setting for logging all new connections), while SSH
connections are logged (successful or not).

rule from /etc/shorewall/rules:

DNAT   net     loc:192.168.0.9    tcp    http

(tried ''DNAT   net   loc:192.168.0.9   tcp   80'' -
doesn''t work
either).

Please help.

Joro


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

What distribution ?
Did you set      ip forward = on      in the kernel ??

Fábio Rabelo

g.yordanov@dir.bg escreveu:
> System: Tinysofa 2 (Odin)
> Shorewall ver. 3.2.5
> interfaces:
> net    eth0    192.168.111.2 mask 255.255.255.252 gw 192.168.111.1
> loc    eth1    192.168.0.11  mask 255.255.255.0
>
> trying to forward HTTP connections from 192.168.111.1 (net) on eth0
> (net) to local address 192.168.0.9 (a web server) - attempts not even
> logged (using debug setting for logging all new connections), while SSH
> connections are logged (successful or not).
>
> rule from /etc/shorewall/rules:
>
> DNAT   net     loc:192.168.0.9    tcp    http
>
> (tried 'DNAT   net   loc:192.168.0.9   tcp   80' - doesn't work
> either).
>   

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Distro = tinysofa 2 (kernel 2.6.9)

ip forward = on

Joro

On Mon, 11 Dec 2006 10:14:10 -0200
 Fábio Rabelo <fabior@ajato.com.br> wrote:
> What distribution ?
> Did you set      ip forward = on      in the kernel ??
> 
> Fábio Rabelo
> 
> g.yordanov@dir.bg escreveu:
> > System: Tinysofa 2 (Odin)
> > Shorewall ver. 3.2.5
> > interfaces:
> > net    eth0    192.168.111.2 mask 255.255.255.252 gw 192.168.111.1
> > loc    eth1    192.168.0.11  mask 255.255.255.0
> >
> > trying to forward HTTP connections from 192.168.111.1 (net) on eth0
> > (net) to local address 192.168.0.9 (a web server) - attempts not
> even
> > logged (using debug setting for logging all new connections), while
> SSH
> > connections are logged (successful or not).
> >
> > rule from /etc/shorewall/rules:
> >
> > DNAT   net     loc:192.168.0.9    tcp    http
> >
> > (tried 'DNAT   net   loc:192.168.0.9   tcp   80' - doesn't
work
> > either).
> >   
> 
> 
>
-------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to
> share your
> opinions on IT & business topics through brief surveys - and earn
> cash
>
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

g.yordanov@dir.bg írta:
> rule from /etc/shorewall/rules:
>
> DNAT   net     loc:192.168.0.9    tcp    http
>   
try this:

DNAT   net     loc:192.168.0.9:80    tcp    80

Gabor Kiss



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

g.yordanov@dir.bg wrote:
> System: Tinysofa 2 (Odin)
> Shorewall ver. 3.2.5
> interfaces:
> net    eth0    192.168.111.2 mask 255.255.255.252 gw 192.168.111.1
> loc    eth1    192.168.0.11  mask 255.255.255.0
> 
> trying to forward HTTP connections from 192.168.111.1 (net) on eth0
> (net) to local address 192.168.0.9 (a web server) - attempts not even
> logged (using debug setting for logging all new connections), while SSH
> connections are logged (successful or not).
> 
> rule from /etc/shorewall/rules:
> 
> DNAT   net     loc:192.168.0.9    tcp    http
> 
> (tried ''DNAT   net   loc:192.168.0.9   tcp   80'' -
doesn''t work
> either).
> 
> Please help.
Your first rule is correct (and is equivalent to your second rule).

Please follow the DNAT troubleshooting steps outlined in Shorewall FAQs
1a and 1b.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

Tried, didn't help :( Didn't even log my connection attempts. Of course
shorewall restarted.

On Mon, 11 Dec 2006 13:29:59 +0100
 Kiss Gábor <bobek_@freemail.hu> wrote:
> g.yordanov@dir.bg írta:
> > rule from /etc/shorewall/rules:
> >
> > DNAT   net     loc:192.168.0.9    tcp    http
> >   
> try this:
> 
> DNAT   net     loc:192.168.0.9:80    tcp    80
> 
> Gabor Kiss
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users