similar to: DNAT Entry In Rules Isn''t Working...

Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server''s firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current

# shorewall version 3.2.1 SNAT is enabled. Setting up DNAT to do port forwarding -- this example looked exactly like what I wanted: (FAQ 1c) From the internet, I want to connect to port 1022 on my firewall and have the firewall forward the connection to port 22 on local system 192.168.1.3. How do I do that? In /etc/shorewall/rules: #ACTION SOURCE DEST PROTO DEST PORT

Hi, after kernel upgrade to 2.4.23 my existing configuration of shorewal 1.4.8 will not start / it fail on DNAT and/or masq with message: "iptables: Invalid argument" / I founded some similar problems description - see links bellow, but there is no solution how to get work shorewall with DNAT and masq with 2.4.23 kernel. http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all, im using shorewall 2.2.1 on a CentOS 4, im newbie with shorewall, just testing it i created a dnat rule like this #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ # PORT PORT(S) DEST LIMIT

I have a pretty straightforward shorewall (v 2.0.12) setup in my Phoenix office. IP addresses on the firewall eth0 172.16.10.249 eth1 12.47.198.100 eth1:1 12.47.198.108 eth1:2 12.47.198.101 eth2 172.16.11.249 interfaces: loc eth0 detect net eth1 detect blacklist dmz eth2 detect vpn1 tun1 192.168.124.255 zones net Net

Hi everyone! I''m having time out problems when using a DNAT rule. Rule: DNAT:info cmtc loc:192.168.0.158 tcp 8011 Log: Mar 17 17:50:17 gw kernel: [1583997.524924] Shorewall:cmtc_dnat:DNAT:IN=eth3 OUT= SRC=10.1.0.2 DST=10.0.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=4279 DF PROTO=TCP SPT=32791 DPT=8011 WINDOW=5840 RES=0x00 SYN URGP=0 Telnet: root@emudar:~# telnet

Dear experts, Quick quotation... I have a sendmail server behind the shorewall-2.1.7 server. I would like to do Port forwarding (DNAT) for clients on the internet, who need to access the mail server. Please let me know, which way is the most suitable to accomplish this; using following 2 types of configurations Setup - Internet -- > shorewall -- > sendmail

Hi i''ve been having some issues with shorewall lately. You see, I''m using DNAT to port forward some ports.. some for gaming are working great but i have a few port forwards that are acting strangely. First i had an HTTP server running on box 192.168.5.41 and port 8129. Now, when clients requested the page from the outside they said it looked like they were going to get it

Whenever I add or remove a DNAT rule such as: iptables -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.1 there is sometimes a delay before the correct nat''ing is done. Can anyone tell me why this is? Is it something to do with caching of routing tables? If so, is there a way to clear them to ensure that the rule takes effect immediately? I am building a simple

I''ve had some issues with my network, and I''ve had to reconfigure my Gibraltar CD. It runs shorewall 1.4.8, and I have a 2-interface setup, so I downloaded the relevant files from the install page. Masq and such works, but I''m having a problem with my port forwarding. It works for port 22, but it doesn''t seem to work for any other port. I''ve turned

Hello, On my systems i use shorewall 3.2.6. Now all systems where replace by new ones with new ip''s. So i tried with DNAT to map the old ip''s to the new one as long as DNS is updated. But i didn''t get it work. I see in tcpdump that a connect from client-ip to new-server-ip is done while connection the old on. But i get no response. Did i configure something in the

I have a debian woody machine acting as a firewall for a small network. I am trying to do a simple DNAT to port 80 on the protected webserver and masquerade all traffic from the protect subnet outbound. After having read the FAQ and various posts regarding problems with DNAT I''m afraid I''m no closer to a solution. Based on the output from "shorewall show nat" I

I have been trying to get DNAT to work and I actually have succeeded too, however, not how I thought it would work when reading through the documentation. 1. No matter what I do I cannot get DNAT to work unless I have an entry in eiter the nat or the proxyarp file. Is that really how it''s supposed to be? I can''t find anything about it in the documentation. 2. Also, in the

interfaces: local eth0 192.168.1.255 dhcp golive eth1 172.30.15.255 wiredc eth2 202.37.230.127 dhcp wave eth3 203.96.213.255 hosts: ipsec eth2:192.168.192.0/24 rules: DNAT wiredc local:192.168.1.3 tcp 80 - DNAT wave local:192.168.1.3 tcp 80 - 203.96.213.73 The rules here

Hi, im running shorewall 2.0.16 with centos 3 (iptables v1.2.8), everything is working fine for several days, i have configured a masq lan and all the outgoing traffic is ok, but now i want to redirect (port forward) the external web traffic to an internal machine, somethig like this INTERNET ---------> SHOREWALL -------------------> INTERNAL_MACHINE [public

Hello all, I have a problem with external access to a postfix mailserver running on my firewall as a mail-gateway. My setup with shorewall 2.2.0 rc4 is as follows: eth0 is zone isf - this is an intranet to other companies eth1 is zone loc - local network eth2 is zone net - internet, fix ip adress eth0 and eth1 are bridged shorewall version 2.2.0-RC4 ip addr show 1: lo: <LOOPBACK,UP> mtu

hi, there was some email problems and i repeat my question too fast, but this is the second part of my questions. - only the rules and policy files give access right? ie. rules in the FORWARD chain of the filter table in iptables ? - is a line in masq file automaticaly add an accept rule too? eg. in msaq file eth0 <internal ip> allow connection from <internal ip> (local zona) to the

I have a lan with shorewall running as firewall and two local machines, where 10.1.1.2 and 10.1.1.15 are two internal mail servers and where 124.124.124.124 and 123.123.123.123 are the external IPs for the mail servers. The two mail servers need to communicate with each other via smtp (for sending mail from domains hosted on one to the other) but its giving issues. Specificaly when one server

Hi All I have had a look through the documentation but I can''t see how to do this. I want to setup DNAT for an incoming connection. The connection must be forwarded to a server on a masqueraded server behind the firewall. The tricky part is I need to forward to a different port to the one that the request arrived on. I can do this: firewall.public.ip:5800 ->

Hi, Sorry, not an experienced shorewall user, this is my first basic setup. This starts to drive me crazy. I wanted to use DNAT to forward port 33890 to an internal machine (windows) port 3389. To reach my workstation when I''m not home. In my rules : DNAT:debug net loc:192.168.0.11:3389 tcp 33890 - pub.lic.ip.add #SECTION BLACKLIST #well known port scans DROP net