Sorry Tom,

I wrote it wrong in the e-mail. The rule is correctly spelled in the rules file.

Thanks!

João K.


Tom Eastep wrote:
> João Alberto Kuchnier wrote:
>
>   
>> On an old iptables firewall, I have the following rules:
>>
>> iptables -A FORWARD -p UDP -j ACCEPT
>> iptables -t nat -A PREROUTING -p UDP -i eth0 -s 0/0 --dport 3000 -j DNAT --to 10.1.0.2
>>
>> My shorewall rule:
>>
>> DNAT   loc   cmtc:10.1.0.2   udp   -   3000
>>
>> The iptables rules work fine but my shorewall rule doesn't. I found out
>> that the packages arrive on server 10.1.0.2 but I have no return.
>>
>> I fixed it temporarily using socat:
>>
>> socat -d -d udp-listen:3000,fork,reuseaddr udp-sendto:10.1.0.2:3000
>>
>> Can you help me to figure this out?
>>     
>
> Your Shorewall rule is matching on the SOURCE PORT! You want:
>
> DNAT  LOC     cmct:10.1.0.2   udp     3000
>
> -Tom
>   
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>   
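
The column mix-up Tom points out, as an added example that is not part of the original thread: in a Shorewall rules entry the field after PROTO is the destination port and the one after that is the source port. The function names are illustrative, and the `--dport`/`--sport` rendering is a simplified assumption about what the entry compiles to.

```python
# Added example: which column of a Shorewall rules entry is which port.
# Column order after PROTO is destination port(s), then source port(s).
COLUMNS = ("ACTION", "SOURCE", "DEST", "PROTO", "DPORT", "SPORT")

# The two entries quoted in the thread, copied as posted.
AS_POSTED = "DNAT   loc   cmtc:10.1.0.2   udp   -   3000"
AS_CORRECTED = "DNAT  LOC     cmct:10.1.0.2   udp     3000"


def parse_rule(line):
    """Split one entry into named columns; '-' or an omitted column means 'any'."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 3:
        raise ValueError("need at least ACTION, SOURCE and DEST: %r" % line)
    fields = fields[:len(COLUMNS)]
    fields += ["-"] * (len(COLUMNS) - len(fields))
    return dict(zip(COLUMNS, fields))


def port_match(rule):
    """Simplified iptables-style rendering of the port columns (assumption:
    single port or range; Shorewall's real output differs in detail)."""
    parts = []
    if rule["DPORT"] != "-":
        parts.append("--dport " + rule["DPORT"])
    if rule["SPORT"] != "-":
        parts.append("--sport " + rule["SPORT"])
    return " ".join(parts)


def lint(line):
    """Return a warning when a DNAT entry filters only on the source port."""
    rule = parse_rule(line)
    action = rule["ACTION"].split(":")[0]   # drop a log level such as DNAT:info
    if action.startswith("DNAT") and rule["DPORT"] == "-" and rule["SPORT"] != "-":
        return ("DPORT is '-' and SPORT is %s: clients use ephemeral source "
                "ports, so this rarely matches" % rule["SPORT"])
    return None


if __name__ == "__main__":
    for entry in (AS_POSTED, AS_CORRECTED):
        print(entry)
        print("   match:", port_match(parse_rule(entry)) or "(any port)")
        print("   lint: ", lint(entry) or "ok")
```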
