Hi,
I have a problem with a forwarding rule, although I scanned through all 
docs yet ...

I want to forward smb requests which come from an external zone (urban) 
to the firewall machine to be re-directed to another machine in the 
internal zone (nw). The firewall machine hosts a smb server itself, but 
only on the internal interface (corresponding to the "nw" zone). I added 
the following ruleset:

----------------------------------------------------------
# SMB to NAS
# DNAT          urban           nw:192.168.72.2:137             udp 137      -       192.168.172.1
# DNAT          urban           nw:192.168.72.2:138             udp 138      -       192.168.172.1
# DNAT          urban           nw:192.168.72.2:139             tcp 139      -       192.168.172.1
# DNAT          urban           nw:192.168.72.2:445             tcp 445      -       192.168.172.1
----------------------------------------------------------

Here is the output of "shorewall show nat":

----------------------------------------------------------
Shorewall 4.4.5.2 NAT Table at locutus - Wed Jan  6 22:01:57 CET 2010
Counters reset Wed Jan  6 22:01:55 CET 2010

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source destination
     0     0 dnat       all  --  *      *       0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source destination
     0     0 eth0_masq  all  --  *      eth0    0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source destination

Chain dnat (1 references)
  pkts bytes target     prot opt in     out     source destination
     0     0 urban_dnat  all  --  eth0   *       0.0.0.0/0 0.0.0.0/0

Chain eth0_masq (1 references)
  pkts bytes target     prot opt in     out     source destination
     0     0 MASQUERADE  all  --  *      *       192.168.72.0/24 0.0.0.0/0

Chain urban_dnat (1 references)
  pkts bytes target     prot opt in     out     source destination
     0     0 DNAT       udp  --  *      *       0.0.0.0/0 192.168.172.1 udp dpt:137 to:192.168.72.2:137
     0     0 DNAT       udp  --  *      *       0.0.0.0/0 192.168.172.1 udp dpt:138 to:192.168.72.2:138
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0 192.168.172.1 tcp dpt:139 to:192.168.72.2:139
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0 192.168.172.1 tcp dpt:445 to:192.168.72.2:445
----------------------------------------------------------

I can reach the firewall machine through smbclient: answers come back 
if I open the local smb server to respond to requests from the "urban" 
zone. But if I close the local server for this side and add the 
forwarding rule, I don't get any response from the ...72.2 machine.

Where is my fault? Did I miss something obvious? Do I have a conflict 
with some other NAT rule? I'm a bit lost now, would be very nice if 
someone can give me the crucial hint ;-)

Greetings, Thomas
-- 


------------------------------------------
*              Thommie Rother            *
*       Mail: [email protected]   *
------------------------------------------
