I use shorewall 3.0.5.
For some days I've had a problem. One rule doesn't work
correctly.
DNAT:info net:$ALSO dmz:192.168.109.2 tcp 22
$ALSO contains one public address.
In /var/log/messages I see the information that the rule works.
Mar 8 08:52:38 vsagate kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT=
MAC=00:e0:18:46:ef:15:00:a0:57:12:16:e8:08:00 SRC=212.232.233.142
DST=192.168.109.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=26107 DF PROTO=TCP
SPT=37209 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 8 08:52:39 vsagate kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT=
MAC=00:e0:18:46:ef:15:00:a0:57:12:16:e8:08:00 SRC=212.232.233.142
DST=192.168.109.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=54544 DF PROTO=TCP
SPT=37210 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 8 08:52:39 vsagate kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT=
MAC=00:e0:18:46:ef:15:00:a0:57:12:16:e8:08:00 SRC=212.232.233.142
DST=192.168.109.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=19614 DF PROTO=TCP
SPT=37211 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
On the destination machine I can't determine any connections in
/var/log/messages.
I've tested the same with ACCEPT:info; it also didn't work.
Successful connections happen only once per hour.
Thanks for any useful hints.
Michael Menkhoff