On Saturday 22 October 2005 10:28, Tom Eastep wrote:
> On Saturday 22 October 2005 06:39, Michael D Schleif wrote:
> > Tested Scenarios
> > ----------------
> > I. When I do this:
> >
> >     DNAT net loc:$A:22 tcp 60022
> >
> > then, I can successfully ssh from [C] to [A]; but, the proxy at [B]
> > prevents ssh from [B] to [A].
> >
> > II. When I do this:
> >
> >     DNAT net loc:$A:22 tcp 443
> >
> > shorewall *fails* to allow the connection from anywhere to [A]; and
> > there are *NO* messages in /var/log/shorewall.log.
>
> To Shorewall, there is absolutely no difference between those two cases.

Given that fact of life, you need to look outside of that particular rule for the root of the problem.

a) Is there a DNAT or NONAT rule for port 443 earlier in the rules file?

b) There are DNAT troubleshooting instructions in Shorewall FAQs 1a and 1b that may help you.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
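Question (a) in the message above can be checked mechanically. The following Python script is an added example, not part of the original post and not Shorewall code: it lists every DNAT, DNAT- or NONAT rule in a rules file that matches a given source zone, protocol and destination port, in file order, so an earlier rule that would claim the connection first becomes visible. The sample rules, the 192.168.1.x addresses and the function names are constructed; it assumes the column order ACTION SOURCE DEST PROTO DEST-PORT, that rules are matched in file order, and it neither resolves service names nor looks at the ORIGINAL DEST column.

```python
NAT_ACTIONS = {"DNAT", "DNAT-", "NONAT"}

# Constructed sample rules file (addresses and rules are illustrative only).
SAMPLE_RULES = """\
#ACTION  SOURCE  DEST                   PROTO  DEST PORT(S)
DNAT     net     loc:192.168.1.20       tcp    80,443    # earlier web rule
ACCEPT   net     fw                     tcp    22
DNAT     net     loc:192.168.1.10:22    tcp    60022
DNAT     net     loc:192.168.1.10:22    tcp    443
"""

def port_matches(spec, port):
    """True if port is covered by a port column: '-', a list 'a,b' or a range 'lo:hi'."""
    if spec == "-":
        return True                      # no port restriction
    for item in spec.split(","):
        lo, sep, hi = item.partition(":")
        if not (lo + hi).isdigit():
            continue                     # service name: not resolved (assumption)
        low = int(lo) if lo else 0
        high = int(hi) if hi else (65535 if sep else low)
        if low <= port <= high:
            return True
    return False

def nat_rules_for(text, zone, proto, port):
    """Return (line, action, dest, ports) for NAT rules matching zone/proto/port, in file order."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comments
        if len(fields) < 4:
            continue
        action = fields[0].split(":", 1)[0]        # drop a log level such as DNAT:info
        src_zone = fields[1].split(":", 1)[0]      # drop a host list such as net:1.2.3.4
        dport = fields[4] if len(fields) > 4 else "-"
        if (action in NAT_ACTIONS and src_zone in (zone, "all")
                and fields[3].lower() in (proto, "all")
                and port_matches(dport, port)):
            hits.append((lineno, action, fields[2], dport))
    return hits

def report(text, zone, proto, port):
    """Print the matching rules; the first one listed is the one that applies."""
    for i, (lineno, action, dest, dport) in enumerate(nat_rules_for(text, zone, proto, port)):
        status = "applies" if i == 0 else "shadowed by an earlier rule"
        print(f"line {lineno}: {action} -> {dest} ports {dport}: {status}")

if __name__ == "__main__":
    report(SAMPLE_RULES, "net", "tcp", 443)
    report(SAMPLE_RULES, "net", "tcp", 60022)
```

On the constructed sample, port 443 yields two matching rules with the rule on line 5 reported as shadowed, while port 60022 yields only its own rule, which is the asymmetry between scenarios I and II that an earlier rule would explain.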
