Hi All,

I use rather old Shorewall 3.2.6 and I know it's no longer supported. I haven't been updating the software because it works as intended until now.

The problem is a simple DNAT rule. I actually have around 8 DNAT rules and they all work just fine.

Here is what I want to achieve. I have an SMTP server in my LAN (let's say address 192.168.1.10). The SMTP daemon listens on TCP port 25. I want it to be accessible from the Internet. This is the rule I use on the router with Shorewall:

    DNAT WAN LAN:192.168.1.10 tcp 25 - (external ip)

The above rule doesn't work (I mean Shorewall accepts it but the tests don't prove it works). But if I change that rule to something like this:

    DNAT WAN LAN:192.168.1.10:25 tcp 26 - (external ip)

it works. When I issue

    telnet (external ip) 26

I get the proper SMTP server initial message (of course I perform the test from an Internet host). Instead of port 26 I can put anything else in the rule except for 25.

What's going on?

Regards
Olie

On 3/17/11 3:45 PM, Always GNU wrote:
>
> What's going on?
>

I suggest that you follow the DNAT troubleshooting tips in FAQs 1a and 1b and find out. My bet is that port 25 is being blocked before it gets to the Shorewall box.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

And your bet was right, Tom. After further examination I found out that TCP 25 was unfortunately blocked by both ISPs I was performing tests from. Only the third one that I tried today (a free shell account) gave the right result. DNAT works perfectly.

Thanks!

On 2011-03-17 23:53, Tom Eastep wrote:
> On 3/17/11 3:45 PM, Always GNU wrote:
>
>>
>> What's going on?
>>
>
> I suggest that you follow the DNAT troubleshooting tips in FAQs 1a and
> 1b and find out. My bet is that port 25 is being blocked before it gets
> to the Shorewall box.
>
> -Tom
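
One way to tell "blocked before it reaches the firewall" apart from "the DNAT rule is wrong", as an added example that is not part of the original thread: read the packet counters on the router's nat rules after a connection attempt from outside. The listing below is constructed; the chain name, the counters and 203.0.113.5 (standing in for the external IP) are assumptions, and counters should be zeroed or noted before the test so that old traffic is not mistaken for a hit.

```python
import re

# Constructed sample of `iptables -t nat -L -n -v` output on the router.
# Chain name, counters and 203.0.113.5 (placeholder for the external IP)
# are made up for illustration; they are not taken from the thread.
SAMPLE = """\
Chain WAN_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.5          tcp dpt:25 to:192.168.1.10
    3   180 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.5          tcp dpt:26 to:192.168.1.10:25
"""

# pkts, bytes, target DNAT, protocol, ..., "dpt:<port>", "to:<address[:port]>"
RULE = re.compile(
    r"^\s*(?P<pkts>\d+[KMG]?)\s+\S+\s+DNAT\s+(?P<proto>\S+)\s.*?"
    r"dpt:(?P<dport>\d+)\s+to:(?P<to>\S+)\s*$"
)


def dnat_hits(listing):
    """Return {(proto, dport): (packet_count_text, target)} per DNAT rule."""
    hits = {}
    for line in listing.splitlines():
        m = RULE.match(line)
        if m:
            hits[(m["proto"], int(m["dport"]))] = (m["pkts"], m["to"])
    return hits


def diagnose(listing, proto, dport):
    """Classify one forwarded port after a connection attempt from outside."""
    rule = dnat_hits(listing).get((proto, dport))
    if rule is None:
        return "no-rule"        # no DNAT rule for this port is installed
    pkts, _target = rule
    if pkts == "0":
        return "never-arrived"  # nothing matched: filtered before the router
    return "rule-matched"       # DNAT fired: next check the LAN server side


if __name__ == "__main__":
    for port in (25, 26):
        print(port, diagnose(SAMPLE, "tcp", port))
```
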