one more update as i continue to fumble through this.

i'm using this guide to try and work through the issue:

http://www.shorewall.net/FAQ.htm#faq1a


under "(FAQ 1a) Okay -- I followed those instructions but it doesn't work" it 
gives some instructions.


the results of 'shorewall show nat' fit the following:
"Is the packet count in the first column non-zero? If so, the connection 
request is reaching the firewall and is being redirected to the server. In this 
case, the problem is usually a missing or incorrect default gateway setting on 
the local system (the system you are trying to forward to -- its default 
gateway should be the IP address of the firewall's interface to that system)."


so the DNAT lines are being applied, and are being redirected by the router. 
sadly, they're not making it to my local machine at the specified IP.


i've tried manually setting my IP at the local machine as well, explicitly 
setting the gateway as 192.168.1.254 (the bering firewall)... and the net 
connection works just as well, but again no redirected incoming traffic from 
the specified ports.


it's difficult for me to see what i'm doing wrong. hopefully someone can help.





> From: the_superch...@hotmail.com
> To: leaf-user@lists.sourceforge.net
> Date: Thu, 17 Feb 2011 11:17:32 -0500
> Subject: Re: [leaf-user] shorewall - DNAT rules not being applied
> 
> 
> let me update this inquiry.  i got rid of all the errors related to date/time 
> by getting ntpd up and running... so all that's sorted now.
> 
> 
> the only error (warning) that results from 'restart shorewall' is now:
> 
> 
> 
> Processing /etc/shorewall/init ...
>    WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not 
> appear to have ip6tables
> 
> 
> however, the DNAT rules are still not being applied.
> 
> 
> 
> 
> 
> 
> > From: the_superch...@hotmail.com
> > To: leaf-user@lists.sourceforge.net
> > Date: Thu, 17 Feb 2011 10:20:29 -0500
> > Subject: [leaf-user] shorewall - DNAT rules not being applied
> > 
> > 
> > greetings.  still working on getting my configuration to 100%.  still 
> > having a few issues that i need assistance with.
> > 
> > 
> > this time it's shorewall.  i'm trying to apply general port forwarding 
> > rules in /etc/shorewall/rules  
> > 
> > 
> > example (remote desktop):
> > DNAT        net       loc:192.168.1.196    tcp 3389
> > 
> > 
> > 
> > save, and restart shorewall via 'shorewall restart'
> > 
> > 
> > as part of the output, i get the following errors:
> > Shorewall configuration compiled to /var/lib/shorewall/.restart
> > sh: invalid number 'Jan'
> > sh: invalid number '%_d'
> > sh: invalid number '19:24:19'
> > Processing /etc/shorewall/params ...
> > Jan %_d 19:24:19 Processing /etc/shorewall/params ..Usage: 
> > /var/lib/shorewall/.restart [ options ] [ 
> > start|stop|clear|down|reset|refresh|restart|status|up|version ]
> > 
> > 
> > 
> > i spoke to the people in the shorewall IRC channel on freenode, and they 
> > said to talk to the leaf people: "They have a fix that works around the 
> > limited 'date' program on Bering"
> > 
> > 
> > as a side note that may or may not be relevant, my date/time on the 
> > firewall are not correct. haven't had success in setting that yet, either.
> > 
> > 
> > thanks in advance.
> >                                       
>                                         
                                          
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
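
The FAQ 1a check quoted in the message above (is the packet count on the DNAT rule non-zero?) can be scripted. This is an added example, not part of the original message or of Shorewall; the function name dnat_verdict is hypothetical and SAMPLE_NAT is a constructed dump in iptables -L -n -v layout, which is the layout 'shorewall show nat' is assumed to print.

```shell
#!/bin/sh
# Added example: classify a DNAT rule from the text of 'shorewall show nat'.
# SAMPLE_NAT is constructed for illustration, not captured from a real firewall.
SAMPLE_NAT='Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
   12   624 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3389 to:192.168.1.196
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:5900 to:192.168.1.196'

# dnat_verdict PORT: reads a nat table dump on stdin and prints one of
#   redirected:<server>  packet count is non-zero: the request reached the
#                        firewall and was rewritten, so per FAQ 1a look at
#                        the default gateway on <server>
#   no-hits:<server>     the rule is loaded but its counter is still zero
#   no-rule              no DNAT rule exists for that destination port
dnat_verdict() {
    awk -v port="$1" '
        $3 == "DNAT" {
            dst = ""; hit = 0
            for (i = 4; i <= NF; i++) {
                if ($i == ("dpt:" port)) hit = 1
                if ($i ~ /^to:/) dst = substr($i, 4)
            }
            if (hit) {
                # Counters can carry a K/M suffix (e.g. 12K), so compare
                # the first column as text instead of as a number.
                state = ($1 == "0") ? "no-hits:" : "redirected:"
                print state dst
                found = 1
                exit
            }
        }
        END { if (!found) print "no-rule" }
    '
}

# On the firewall itself:  shorewall show nat | dnat_verdict 3389
printf '%s\n' "$SAMPLE_NAT" | dnat_verdict 3389
```

A "redirected" verdict matches the situation described in the message: the rule is counting packets, so the next thing to verify is the route back from the forwarded-to host through the firewall's local interface.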
