If you want to let your local machines access the internet by telnet, then DNAT is the wrong choice. DNAT is for access from the internet to local machines.
You should try something like (rules file)

    ACCEPT loc:192.168.8.37 net:5.4.3.2 tcp 55000

If you have the policy

    ACCEPT loc net

the rule will be useless. If your first client can but your second can't access, I guess you already have some rules or policies allowing this. In this case I suggest you double-check your masq file: do you only masq 192.168.8.35, or the whole network, e.g. 192.168.8.0/24?

Cheers
Mike

-----Original Message-----
From: sangprabv [mailto:[email protected]]
Sent: Friday, 5 February 2010 09:28
To: Shorewall Users
Subject: [Shorewall-users] DNAT Problem

Hi,

I have a client behind shorewall which has 2 IPs: 192.168.8.35 is the real IP and 192.168.8.37 is the virtual IP. I have added DNAT rules into shorewall:

    DNAT net loc:192.168.8.35 tcp 11008 - 1.2.3.4
    DNAT net loc:192.168.8.37 tcp 55000 - 1.2.3.5

1.2.3.4 and 1.2.3.5 are virtual IPs on the firewall side. I want 192.168.8.35 to be able to telnet to my partner IP 9.8.7.6:11008, and it can connect OK. And I also want 192.168.8.37 to be able to telnet to my partner IP 5.4.3.2:55000, and this one FAILS. If I try

    telnet my.partner.ip.add:55000 -b 1.2.3.5

at the firewall, it is OK. I have manually added

    route add 9.8.7.6 gw 192.168.8.1
    route add 5.4.3.2 gw 192.168.8.1

Both were added to the client routing table. What's wrong with my configuration? Many thanks for help.

sangprabv
[email protected]
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
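The two checks suggested in the reply above, as an added example that is not part of the original thread and is not Shorewall code: a simplified Python model that tests which rules-file entries match the outbound connection from 192.168.8.37, and whether a masq SOURCE entry covers that address. It assumes endpoints of the form zone[:address], single ports only, and masq sources given as addresses or networks; the function names are hypothetical.

```python
import ipaddress

# Constructed sample input: the two DNAT rules from the question.
DNAT_ONLY = """\
DNAT    net               loc:192.168.8.35  tcp  11008  -  1.2.3.4
DNAT    net               loc:192.168.8.37  tcp  55000  -  1.2.3.5
"""
# The rule suggested in the reply.
SUGGESTED = "ACCEPT  loc:192.168.8.37  net:5.4.3.2  tcp  55000\n"

def parse_endpoint(field):
    """Split 'zone[:address]' into (zone, network or None)."""
    zone, _, addr = field.partition(":")
    return zone, (ipaddress.ip_network(addr) if addr else None)

def parse_rules(text):
    """Return (action, source, dest, proto, port) for each rule line."""
    rules = []
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()  # drop comments
        if len(cols) >= 5:
            action, src, dst, proto, port = cols[:5]
            rules.append((action, parse_endpoint(src),
                          parse_endpoint(dst), proto, port))
    return rules

def side_matches(endpoint, zone, ip):
    """True if the connection's zone and address fit a SOURCE or DEST column."""
    rule_zone, net = endpoint
    return rule_zone == zone and (
        net is None or ipaddress.ip_address(ip) in net)

def matching_actions(rules, src_zone, src_ip, dst_zone, dst_ip, proto, port):
    """Actions of all rules matching a new connection in this direction."""
    return [action for action, src, dst, rproto, rport in rules
            if side_matches(src, src_zone, src_ip)
            and side_matches(dst, dst_zone, dst_ip)
            and rproto == proto and rport == str(port)]

def masq_covers(masq_sources, ip):
    """True if any masq SOURCE entry (address or network) contains ip."""
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(s)
               for s in masq_sources)

if __name__ == "__main__":
    flow = ("loc", "192.168.8.37", "net", "5.4.3.2", "tcp", 55000)
    print(matching_actions(parse_rules(DNAT_ONLY), *flow))
    print(matching_actions(parse_rules(DNAT_ONLY + SUGGESTED), *flow))
    print(masq_covers(["192.168.8.35"], "192.168.8.37"))
```

The DNAT rules have `net` as their source zone, so they never match a connection that starts in `loc`; only the ACCEPT rule (or a loc-to-net ACCEPT policy) does.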
