Hi,

Change the rule to this:

DNAT:info cmtc loc:192.168.0.158:23 tcp 8011

Or change the telnet service on the target machine to listen on port 8011 rather than port 23 ... and another thing to be careful of is that there must be a route back to the source of the connection from the target of the DNAT rule.

Regards,
T

_______________________________________
From: João Alberto Kuchnier [[email protected]]
Sent: Thursday, 18 March 2010 7:04 AM
To: [email protected]
Subject: [Shorewall-users] DNAT Problem

Hi everyone!

I'm having time out problems when using a DNAT rule.

Rule:
DNAT:info cmtc loc:192.168.0.158 tcp 8011

Log:
Mar 17 17:50:17 gw kernel: [1583997.524924] Shorewall:cmtc_dnat:DNAT:IN=eth3 OUT= SRC=10.1.0.2 DST=10.0.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=4279 DF PROTO=TCP SPT=32791 DPT=8011 WINDOW=5840 RES=0x00 SYN URGP=0

Telnet:
r...@emudar:~# telnet 10.0.0.2 8011
Trying 10.0.0.2...
telnet: connect to address 10.0.0.2: Connection timed out

Inside my local network, the service running on 192.168.0.158 works fine. However, I can't connect from any other zone I have (DMZ, NET and CMTC). Using wireshark on this local server, I figured out that any connection arriving from anywhere but LOC doesn't ACK.

I tried the interface routeback option and looking into Shorewall FAQ I found a masq issue that could fix the problem. I added the following line inside masq file:

eth3:10.1.0.2 0.0.0.0/0 10.0.0.2 tcp 8011

Even using these solutions I couldn't make this work. Can you help me?

João K.
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
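
As an added example (not part of the thread and not Shorewall code), this Python model applies the two rules from the thread to the logged packet and shows where each one sends it. It assumes, as the reply implies, that the telnet service listens on port 23; the function names are hypothetical and only the DEST port semantics are modelled (no port in DEST leaves the destination port unchanged).

```python
import re

# Rule lines and log line are the ones quoted in the thread.
ORIGINAL_RULE = "DNAT:info cmtc loc:192.168.0.158 tcp 8011"
FIXED_RULE = "DNAT:info cmtc loc:192.168.0.158:23 tcp 8011"
LOG_LINE = ("Shorewall:cmtc_dnat:DNAT:IN=eth3 OUT= SRC=10.1.0.2 DST=10.0.0.2 "
            "LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=4279 DF PROTO=TCP "
            "SPT=32791 DPT=8011 WINDOW=5840 RES=0x00 SYN URGP=0")


def parse_rule(line):
    """Split a rules-file entry into ACTION, SOURCE, DEST, PROTO, DPORT."""
    action, source, dest, proto, dport = line.split()[:5]
    zone, _, target = dest.partition(":")
    host, _, port = target.partition(":")
    return {
        "action": action.split(":")[0],       # drop the ":info" log level
        "source_zone": source,
        "dest_zone": zone,
        "host": host,
        "port": int(port) if port else None,  # None: port is not rewritten
        "proto": proto.lower(),
        "dport": int(dport),
    }


def parse_log(line):
    """Extract KEY=VALUE fields from a netfilter log line."""
    return dict(re.findall(r"(\w+)=(\S*)", line))


def rewritten_destination(rule, pkt):
    """Return the (host, port) the packet is forwarded to, or None."""
    if rule["action"] != "DNAT" or pkt["PROTO"].lower() != rule["proto"]:
        return None
    if int(pkt["DPT"]) != rule["dport"]:
        return None
    # With no port in DEST, the original destination port is preserved.
    return rule["host"], rule["port"] or int(pkt["DPT"])


if __name__ == "__main__":
    pkt = parse_log(LOG_LINE)
    for rule in (ORIGINAL_RULE, FIXED_RULE):
        print(rule, "->", rewritten_destination(parse_rule(rule), pkt))
```

With the original rule the SYN is forwarded to 192.168.0.158:8011, where nothing answers if telnet is on port 23; with the corrected rule it reaches port 23.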
