Joshua J. Kugler wrote:
> I've read the docs, I've experimented, and I've looked at everything I know to
> look at, and I know I'm going to feel REALLY silly when I get the answer, but
> right now I'm stuck.
>
> I have these lines in the rules file:
> SECTION NEW
> FTP/ACCEPT net fw
> SSH/ACCEPT net fw
> Web/ACCEPT net fw
> NTP/ACCEPT net fw
> ACCEPT fw fw tcp 3306 # which I shouldn't need
> ACCEPT net fw tcp 3306 #ditto
> DNAT fw net:216.115.115.250:3307 tcp 3306 -
>
> Policy:
> fw net ACCEPT
> net all DROP info
> all all REJECT info
>
> Zones:
> fw firewall
> net ipv4
>
> telnet'ing to 111.111.111.111 port 3307 works just fine. But when I try to
> telnet to port localhost 3306, I get a timeout.

I've experimented with this as well and apparently this is another one of those cases where the 127.0.0.0/8 subnet doesn't obey the rules. If you place 1.2.3.4 in the ORIGINAL DEST column, then if you attempt to connect to 1.2.3.4:3306, it will work.

Sorry -- I see nothing that Shorewall could do differently that would help.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
