Tom =>

* Tom Eastep <[EMAIL PROTECTED]> [2005:10:22:10:57:37-0700] scribed:
> On Saturday 22 October 2005 10:28, Tom Eastep wrote:
> > On Saturday 22 October 2005 06:39, Michael D Schleif wrote:
> > > Tested Scenarios
> > > ----------------
> > > I. When I do this:
> > >
> > > DNAT net loc:$A:22 tcp 60022
> > >
> > > then, I can successfully ssh from [C] to [A]; but, the proxy at [B]
> > > prevents ssh from [B] to [A].
> > >
> > > II. When I do this:
> > >
> > > DNAT net loc:$A:22 tcp 443
> > >
> > > shorewall *fails* to allow the connection from anywhere to [A]; and
> > > there are *NO* messages in /var/log/shorewall.log.
> >
> > To Shorewall, there is absolutely no difference between those two cases.
>
> Given that fact of life, you need to look outside of that particular rule for
> the root of the problem.
>
> a) Is there a DNAT or NONAT rule for port 443 earlier in the rules file?
> b) There are DNAT troubleshooting instructions in Shorewall FAQs 1a and 1b
> that may help you.
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ [EMAIL PROTECTED]
> PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Wow! Thank you -- and on the weekend to boot ...

I found it, corrected it, and now it works!

Your troubleshooting FAQs did help me, especially 1b. At first, I wanted to dismiss them, because I had already ruled out everything in 1a; but, taking my patience paid off ;>

Thank you, for all of your work, and your sound advice ...

--
Best Regards,

mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know. The more I know, the more I know I don't know . . .
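
Tom's check (a), looking for an earlier DNAT or NONAT rule on the same port, can be scripted. The following is an added example, not part of the original thread and not Shorewall's own code; the sample rules file, its addresses, and the function names are constructed for illustration, and it assumes the whitespace-separated ACTION, SOURCE, DEST, PROTO, DEST PORT(S) column order used by the rules quoted above.

```python
# Constructed sample rules file (not from the thread); addresses are placeholders.
SAMPLE_RULES = """\
#ACTION  SOURCE  DEST               PROTO  DEST PORT(S)
DNAT     net     loc:192.0.2.10     tcp    80,443
ACCEPT   net     fw                 tcp    22
DNAT     net     loc:192.0.2.20:22  tcp    60022
DNAT     net     loc:192.0.2.20:22  tcp    443
"""

# Actions Tom's question (a) covers; DNAT- is the NAT-only variant of DNAT.
NAT_ACTIONS = {"DNAT", "DNAT-", "NONAT"}


def parse_ports(spec):
    """Turn a DEST PORT(S) value ('443', '80,443', '1024:2048', '-') into (lo, hi) pairs."""
    if spec == "-":
        return [(0, 65535)]
    pairs = []
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if not lo.isdigit() or (hi and not hi.isdigit()):
            return []  # service names are not resolved here; review those by hand
        pairs.append((int(lo), int(hi or lo)))
    return pairs


def nat_rules_for(rules_text, proto, port, zone="net"):
    """List (line_no, rule) for each NAT rule matching zone/proto/port, in file order."""
    hits = []
    for line_no, raw in enumerate(rules_text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()
        if len(cols) < 3 or cols[0].split(":", 1)[0] not in NAT_ACTIONS:
            continue  # blank, comment, or not a NAT rule (":level" log suffix stripped)
        src = cols[1].split(":", 1)[0]
        rule_proto = cols[3].lower() if len(cols) > 3 else "all"
        ports = parse_ports(cols[4]) if len(cols) > 4 else [(0, 65535)]
        if src not in (zone, "all") or rule_proto not in (proto, "all", "-"):
            continue
        if any(lo <= port <= hi for lo, hi in ports):
            hits.append((line_no, " ".join(cols)))
    return hits


if __name__ == "__main__":
    matches = nat_rules_for(SAMPLE_RULES, "tcp", 443)
    for line_no, rule in matches:
        print(f"line {line_no}: {rule}")
    if len(matches) > 1:
        print("More than one NAT rule matches; check the earliest one first.")
```

The check ignores the ORIGINAL DEST column, so treat each hit as a candidate to review by hand.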
