I''ve looked through the FAQ and Troubleshooting guides but I''m still having problems getting a dnat rule to work. I am trying to forward connections on port 23389 from my public ip 76.190.252.72 to a computer on my network at 192.168.0.12. I''ve tried a couple of different online port checkers but shorewall show nat always shows that no connections have been attempted. I''ve tried a few different ports but it doesn''t seem to make a difference. I''ve gotten forwards to work to other computers on my network so I''m not sure what''s stopping this one. Shorewall dump is attached. Thanks. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
>I''ve looked through the FAQ and Troubleshooting guides but I''m still havingproblems getting a dnat rule to work Is it possible your ISP blocks connections to high ports? ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Ben Solwitz wrote:> I''ve looked through the FAQ and Troubleshooting guides but I''m still > having problems getting a dnat rule to work. I am trying to forward > connections on port 23389 from my public ip 76.190.252.72 > <http://76.190.252.72> to a computer on my network at 192.168.0.12 > <http://192.168.0.12>. I''ve tried a couple of different online port > checkers but shorewall show nat always shows that no connections have > been attempted. I''ve tried a few different ports but it doesn''t seem to > make a difference. I''ve gotten forwards to work to other computers on my > network so I''m not sure what''s stopping this one. Shorewall dump is > attached. Thanks.What do your DNAT rules look like? -Tom ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Shorewall Geek wrote:> Ben Solwitz wrote: >> I''ve looked through the FAQ and Troubleshooting guides but I''m still >> having problems getting a dnat rule to work. I am trying to forward >> connections on port 23389 from my public ip 76.190.252.72 >> <http://76.190.252.72> to a computer on my network at 192.168.0.12 >> <http://192.168.0.12>. I''ve tried a couple of different online port >> checkers but shorewall show nat always shows that no connections have >> been attempted. I''ve tried a few different ports but it doesn''t seem to >> make a difference. I''ve gotten forwards to work to other computers on my >> network so I''m not sure what''s stopping this one. Shorewall dump is >> attached. Thanks. > > What do your DNAT rules look like?I think that you have this in your rules file: DNAT net loc:192.168.0.12:23389 tcp That is not correct. The rule should be: DNAT net loc:192.168.0.12 tcp 23389 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Shorewall Geek wrote:> Shorewall Geek wrote: >> Ben Solwitz wrote: >>> I''ve looked through the FAQ and Troubleshooting guides but I''m still >>> having problems getting a dnat rule to work. I am trying to forward >>> connections on port 23389 from my public ip 76.190.252.72 >>> <http://76.190.252.72> to a computer on my network at 192.168.0.12 >>> <http://192.168.0.12>. I''ve tried a couple of different online port >>> checkers but shorewall show nat always shows that no connections have >>> been attempted. I''ve tried a few different ports but it doesn''t seem to >>> make a difference. I''ve gotten forwards to work to other computers on my >>> network so I''m not sure what''s stopping this one. Shorewall dump is >>> attached. Thanks. >> What do your DNAT rules look like? > > I think that you have this in your rules file: > > DNAT net loc:192.168.0.12:23389 tcp > > That is not correct. The rule should be: > > DNAT net loc:192.168.0.12 tcp 23389 >In fact, *all* of your DNAT rules are incorrect in that way. So only the *first* tcp and *first* udp rules are matched. And they match *all* tcp and udp traffic respectively. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Looks like that was the problem, thanks for the help, and sorry for asking a dumb question. Ben On Sun, Nov 16, 2008 at 1:30 PM, Shorewall Geek <shorewalljunky@comcast.net>wrote:> Shorewall Geek wrote: > > Shorewall Geek wrote: > >> Ben Solwitz wrote: > >>> I''ve looked through the FAQ and Troubleshooting guides but I''m still > >>> having problems getting a dnat rule to work. I am trying to forward > >>> connections on port 23389 from my public ip 76.190.252.72 > >>> <http://76.190.252.72> to a computer on my network at 192.168.0.12 > >>> <http://192.168.0.12>. I''ve tried a couple of different online port > >>> checkers but shorewall show nat always shows that no connections have > >>> been attempted. I''ve tried a few different ports but it doesn''t seem to > >>> make a difference. I''ve gotten forwards to work to other computers on > my > >>> network so I''m not sure what''s stopping this one. Shorewall dump is > >>> attached. Thanks. > >> What do your DNAT rules look like? > > > > I think that you have this in your rules file: > > > > DNAT net loc:192.168.0.12:23389 tcp > > > > That is not correct. The rule should be: > > > > DNAT net loc:192.168.0.12 tcp 23389 > > > > In fact, *all* of your DNAT rules are incorrect in that way. So only the > *first* tcp and *first* udp rules are matched. And they match *all* tcp > and udp traffic respectively. > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer''s > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/