I am having a problem getting DNAT to work! I have a wide open
firewall (oxymoron?) with 2 zones. All zones are set to ACCEPT!

I have this rule:

Telnet/DNAT:info        net     loc:10.223.8.10

which *starts* to work but never does the forward. Here is the result from
the log:

Mar 11 16:33:52 mail kernel: [21357.980000] Shorewall:net_dnat:DNAT:IN=eth1
OUT= MAC=00:e0:81:75:54:8f:00:0b:46:e0:b6:31:08:00 SRC=*hidden_ip*
DST=*hidden_ip* LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=21161 DF PROTO=TCP
SPT=13701 DPT=23 WINDOW=8192 RES=0x00 SYN URGP=0

It says DNAT, has my source IP and the internet IP of the server. I am
connecting from a separate internet connection.

My goal is that I will change the 'net' to 'net:remote_ip' so that telnet
will only be accepted from that one IP address. I would also like to DNAT
ssh to various machines by different incoming ports BUT I can't even get
this NAT to work.

Ubuntu 7.10.
I have set 'IP_FORWARDING=On' in shorewall.conf; it was originally at
"IP_FORWARDING=Keep".

Any help would be awesome. Thanks
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
