Displaying 20 results from an estimated 10000 matches similar to: "DNAT question"
2006 Aug 18
3
DNAT Security Hole?
# shorewall version
3.2.1
SNAT is enabled. Setting up DNAT to do port forwarding -- this example
looked exactly like what I wanted:
(FAQ 1c) From the internet, I want to connect to port 1022 on my firewall
and have the firewall forward the connection to port 22 on local system
192.168.1.3. How do I do that?
In /etc/shorewall/rules:
#ACTION SOURCE DEST PROTO DEST PORT
2005 Dec 14
2
DNAT config not working
I am having a problem that I really just don't get....
I have this in my rules file:
DNAT net loc:192.168.1.2 tcp 21 21
Everything worked fine earlier today.. Now it is dropping packets destined
for Port 21
/var/log/messages:
Dec 14 00:36:39 pcp08479598pcs kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
MAC=00:0b:6a:3f:e6:72:00:01:5c:22:92:42:08:00 SRC=24.210.36.92
DST=68.57.216.61
2004 Jan 21
3
FW: DNAT and masq problem with kernel 2.4.23
Hi,
after the kernel upgrade to 2.4.23 my existing configuration of Shorewall 1.4.8
will not start / it fails on DNAT and/or masq with the message: "iptables:
Invalid argument" /
I found some similar problem descriptions - see links below, but there is
no solution for how to get Shorewall to work with DNAT and masq with the 2.4.23 kernel.
http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html
2004 Apr 01
5
DNAT PPTP questions
I have two/three PPTP servers on my network and each one of them is on
its own subnet and I want to be able to send traffic to each and
every one.
My rules file entry is as follows
DNAT net loc:1.1.1.1 tcp 1723
DNAT net loc:1.1.1.1 47
and
DNAT net loc:2.2.2.2 tcp 1723
DNAT net loc:2.2.2.2 47
however all the traffic only goes to 1.1.1.1 because it's the first
DNAT entry.
I tried the
2004 Aug 03
2
Question with DNAT
Hi All
I have had a look through the documentation but I can't see how to
do this.
I want to setup DNAT for an incoming connection. The connection must
be forwarded to a server on a masqueraded server behind the
firewall. The tricky part is I need to forward to a different port
to the one that the request arrived on.
I can do this:
firewall.public.ip:5800 ->
2004 Sep 02
3
Fwd: Bug#268999: shorewall: Allow action templates to use DNAT target
Hi all in the ShoreWall community,
[please CC me since I'm not on the list]
I had been using FIAIF for a little while, and the setup of ShoreWall
has been much easier, the config for each operation in one place, and
I'm very happy with it.
That said, it looks like one of the concepts could be taken a bit
further. In this case, it is actions.
To get the process started, I
2005 Jan 25
2
DNS, DNAT and Notifies
I have a pretty straightforward shorewall (v 2.0.12) setup in my Phoenix
office.
IP addresses on the firewall
eth0 172.16.10.249
eth1 12.47.198.100
eth1:1 12.47.198.108
eth1:2 12.47.198.101
eth2 172.16.11.249
interfaces:
loc eth0 detect
net eth1 detect blacklist
dmz eth2 detect
vpn1 tun1 192.168.124.255
zones
net Net
2004 Sep 16
4
DNAT works, yet extremely slow
Hello all
I wanted to forward all incoming requests in port 80 to a server in my LAN,
and by using DNAT lines, it actually works. However, it is unstable, in the
sense that in the beginning of each connection (one or two seconds) it is
extremely fast, then it sometimes pauses and waits 30 seconds or so, then it
starts again and so on.
The line I used is:
DNAT net loc:192.168.0.210 tcp 80
DNAT
2005 Apr 27
1
Problems with DNAT
Hi, I'm a Shorewall user and I have the following problem:
I have one class C range of IPs and I have three zones (net, dmz, loc).
I need to create one rule to DNAT one valid IP address (but not in use in
one computer) to one invalid host in my loc zone.
How do I do this?
I tried this:
DNAT net:200.200.200.200 dmz:200.193.137.38 tcp 137,138,139,445 -
2004 Oct 09
2
odd problem with proxyarp and DNAT
I have some hosts in a DMZ zone with proxyarp. In my local zone I have a host to which I DNAT.
I have discovered that I can reach the host in the local zone by attempting to connect to the fw (as expected) or ANY proxyarped host in my dmz zone (as not expected). Is this normal?
(I've just discovered that actually the dnated host answers to requests sent to any IP routed to my host!)
2004 Aug 30
4
DNAT and PPTP
Hello,
I'm trying to setup DNAT to forward to a PPTP Server behind Shorewall. I setup the PPTP rules per your documentation with tcp port 1723 and Protocol 47 DNAT to my PPTP Server in the local zone. Looking at the logs it is dropping the connection going to port 1723. It is also dropping UDP port 1701, don't know if it is of any significance. I looked at FAQ 1a and b and the
2005 May 14
10
alternative nameserver from local network
hi,
I have a debian system with shorewall acting as a router between my adsl
line and my local network. One of the things on that local network is my
playstation, and I'm having trouble playing an online game with it - the
game tries to access the internet, and then fails at the stage where it
tries to find the game servers.
The debian machine is 192.168.0.3, and the playstation is
2004 Sep 22
3
Strange DNAT problems with shorewall 1.4.8
I've had some issues with my network, and I've had to reconfigure my
Gibraltar CD. It runs shorewall 1.4.8, and I have a 2-interface setup, so
I downloaded the relevant files from the install page.
Masq and such works, but I'm having a problem with my port forwarding. It
works for port 22, but it doesn't seem to work for any other port.
I've turned
2003 Aug 02
6
DNAT Not quite working.
Hi, I've been having some issues with shorewall lately. You see, I'm using
DNAT to port forward some ports.. some for gaming are working great but I
have a few port forwards that are acting strangely. First i had an HTTP
server running on box 192.168.5.41 and port 8129. Now, when clients
requested the page from the outside they said it looked like they were going
to get it
2004 Dec 29
1
Bizarre DNAT problem...
Ok, I've been pulling what's left of my hair out trying
to figure this one out and I give up.
A seemingly simple DNAT is not working. Below is a
snippet from my rules file.
DNAT net loc:192.168.1.1:22 tcp 2022
DNAT net loc:192.168.1.175:22 tcp 1022
Basically I'm trying to forward port 1022 on my
firewall to a machine on my local network.
My firewall machine is
2005 Jan 22
3
DNAT, NAT or ProxyARP?
Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server's firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current
2004 Aug 26
1
DNAT IP-Adding
Hello List.
I'm new here,
and am starting off with a pretty common question, I think.
I want to have my router DNAT incoming connections for other IPs than its
WAN IP.
In my other setup, just adding that IP as Destination Address was enough.
But that was a bit older version of Shorewall.
In my new setup, Shorewall 2.0.7 Debian Sarge, I have this line:
DNAT
2005 Mar 02
3
duplicated dnat entries
Hello all,
I'm using Shorewall 2.2.1 on CentOS 4. I'm a newbie with Shorewall,
just testing it.
I created a DNAT rule like this
#ACTION  SOURCE  DEST  PROTO  DEST  SOURCE   ORIGINAL  RATE   USER/
#                             PORT  PORT(S)  DEST      LIMIT
2005 Feb 10
1
DNAT Entry In Rules Isn't Working...
So I finally got shorewall up with my linux box, which pipes out to a
switch, and then my machines...
Problem now is on my one machine, I have a remote admin server running on
port 4899... So since I'm using masq, I added a DNAT entry in my rules
instead of an ACCEPT
DNAT net loc:192.168.1.3 tcp 4899
So when I try to access my remote admin using my external IP, even from
inside, I
2004 Sep 29
10
DNAT + Masq Problem - Yes I read the FAQ I promise
I have a debian woody machine acting as a firewall for a small
network. I am trying to do a simple DNAT to port 80 on the protected
webserver and masquerade all traffic from the protect subnet outbound.
After having read the FAQ and various posts regarding problems with
DNAT I'm afraid I'm no closer to a solution. Based on the output from
"shorewall show nat" I