sangprabv wrote:
> Hi,
> I have several virtual IPs on my FW and one of them is eth1:4 1.2.3.4. I
> want connections from IP 2.3.4.5:3499 (the internet) to 1.2.3.4:3499
> forwarded to 5.6.7.8, which is behind the firewall. I have created this
> rule:
> DNAT net:2.3.4.5 loc:5.6.7.8 tcp 3499 - 1.2.3.4

If you want to enforce both the source and dest port restrictions, you want:

DNAT net:2.3.4.5 loc:5.6.7.8 tcp 3499 3499 1.2.3.4

One question -- how are you ensuring that the client at 2.3.4.5 is binding to port 3499?

> Why can't the connection be made? Should I use ACCEPT? TIA

See the DNAT debugging tips in Shorewall FAQs 1a and 1b.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
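
An added example, not part of the original thread and not Shorewall's own code: a simplified Python model of the rule columns ACTION, SOURCE, DEST, PROTO, DPORT, SPORT, ORIGDEST, evaluating the two rules from this thread against constructed sample connections to show how the source-port column changes what matches. The names `parse_rule` and `dnat_target` and the sample packets are hypothetical.

```python
# Simplified model of the first seven columns of a Shorewall rules entry:
# ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST. Illustration only; it handles
# single ports and zone:host values, not the full Shorewall syntax.
from collections import namedtuple

Rule = namedtuple("Rule", "action source dest proto dport sport origdest")
Packet = namedtuple("Packet", "src sport dst dport proto")

def parse_rule(line):
    """Split a rules line into columns; missing trailing columns default to '-'."""
    cols = line.split()
    cols += ["-"] * (7 - len(cols))
    return Rule(*cols[:7])

def _host(zone_host):
    """'net:2.3.4.5' -> '2.3.4.5'; a bare zone such as 'net' -> None (any host)."""
    return zone_host.split(":", 1)[1] if ":" in zone_host else None

def _port_ok(column, port):
    """'-' means any port; otherwise require an exact match."""
    return column == "-" or int(column) == port

def dnat_target(rule, pkt):
    """Return the internal address the packet is forwarded to, or None if no match."""
    if rule.action != "DNAT" or rule.proto != pkt.proto:
        return None
    if _host(rule.source) not in (None, pkt.src):
        return None
    if rule.origdest != "-" and rule.origdest != pkt.dst:
        return None
    if not (_port_ok(rule.dport, pkt.dport) and _port_ok(rule.sport, pkt.sport)):
        return None
    return _host(rule.dest)

# The two rules quoted in the thread.
ORIGINAL = parse_rule("DNAT net:2.3.4.5 loc:5.6.7.8 tcp 3499 - 1.2.3.4")
STRICT = parse_rule("DNAT net:2.3.4.5 loc:5.6.7.8 tcp 3499 3499 1.2.3.4")

# Constructed sample connections to the virtual IP 1.2.3.4:3499.
EPHEMERAL = Packet("2.3.4.5", 51522, "1.2.3.4", 3499, "tcp")  # OS-chosen source port
BOUND = Packet("2.3.4.5", 3499, "1.2.3.4", 3499, "tcp")       # client bound to 3499
OTHER_HOST = Packet("9.9.9.9", 3499, "1.2.3.4", 3499, "tcp")  # different source address

if __name__ == "__main__":
    for name, rule in (("original", ORIGINAL), ("strict", STRICT)):
        for pkt in (EPHEMERAL, BOUND, OTHER_HOST):
            print(name, pkt.src, pkt.sport, "->", dnat_target(rule, pkt))
```
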
