João Alberto Kuchnier wrote:
>
> On an old iptables firewall, I have the following rules:
>
> iptables -A FORWARD -p UDP -j ACCEPT
> iptables -t nat -A PREROUTING -p UDP -i eth0 -s 0/0 --dport 3000 -j DNAT --to 10.1.0.2
>
> My shorewall rule:
>
> DNAT loc cmtc:10.1.0.2 udp - 3000
>
> The iptables rules work fine but my shorewall rule doesn't. I found out
> that the packets arrive on server 10.1.0.2 but I have no return.
>
> I fixed it temporarily using socat:
>
> socat -d -d udp-listen:3000,fork,reuseaddr udp-sendto:10.1.0.2:3000
>
> Can you help me to figure this out?

Your Shorewall rule is matching on the SOURCE PORT! You want:

DNAT LOC cmct:10.1.0.2 udp 3000

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
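
The column mix-up discussed in this thread, as an added example that is not part of the original messages or of Shorewall itself: a small lint that splits a rules-file line into its columns and flags a DNAT rule whose port sits in the source-port column. It assumes the classic whitespace-separated column order ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST; the function names are hypothetical, and the sample lines are constructed from the rule quoted above.

```python
# Added example: lint Shorewall rules-file lines for a port placed in SPORT.
# Assumed column order: ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST
COLUMNS = ("action", "source", "dest", "proto", "dport", "sport", "origdest")

def parse_rule(line):
    """Split one rules-file line into named columns; '-' or a missing column is None."""
    body = line.split("#", 1)[0].split()   # drop trailing comment, split on whitespace
    if not body:
        return None
    fields = body[:len(COLUMNS)] + [None] * (len(COLUMNS) - len(body))
    return {name: (None if val in (None, "-") else val)
            for name, val in zip(COLUMNS, fields)}

def iptables_match(rule):
    """Show the protocol/port match the columns describe, in iptables terms."""
    parts = []
    if rule["proto"]:
        parts.append("-p " + rule["proto"])
    if rule["dport"]:
        parts.append("--dport " + rule["dport"])
    if rule["sport"]:
        parts.append("--sport " + rule["sport"])
    return " ".join(parts)

def lint(line):
    """Warn when a DNAT rule filters on source port but has no destination port."""
    rule = parse_rule(line)
    if rule is None:
        return None
    action = rule["action"].split(":")[0].split("(")[0]   # strip log level / parameters
    if action.startswith("DNAT") and rule["sport"] and not rule["dport"]:
        return ("%s rule matches source port %s, not destination port; "
                "move the port to the DPORT column" % (action, rule["sport"]))
    return None

if __name__ == "__main__":
    # Constructed samples: the rule as posted, then with the port in DPORT.
    for sample in ("DNAT loc cmtc:10.1.0.2 udp - 3000",
                   "DNAT loc cmtc:10.1.0.2 udp 3000"):
        print(sample, "=>", iptables_match(parse_rule(sample)), "|", lint(sample) or "ok")
```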
