I use shorewall 3.0.5. Since any days I've a problem. One rule doesn't work correctly.
DNAT:info net:$ALSO dmz:192.168.109.2 tcp 22 $ALSO contents one public adress. In /var/log/messages I see the information, that rule works. Mar 8 08:52:38 vsagate kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:e0:18:46:ef:15:00:a0:57:12:16:e8:08:00 SRC=212.232.233.142 DST=192.168.109.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=26107 DF PROTO=TCP SPT=37209 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 8 08:52:39 vsagate kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:e0:18:46:ef:15:00:a0:57:12:16:e8:08:00 SRC=212.232.233.142 DST=192.168.109.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=54544 DF PROTO=TCP SPT=37210 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 8 08:52:39 vsagate kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:e0:18:46:ef:15:00:a0:57:12:16:e8:08:00 SRC=212.232.233.142 DST=192.168.109.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=19614 DF PROTO=TCP SPT=37211 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 On destination machine I can't determine connections in /var/log/messages. I've tested the same with ACCEPT:info, it also didn't work. Successfully connections are there only one time per hour. Thank's for usefully hints. Michael Menkhoff ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
