Hi,
Sorry, I'm not an experienced Shorewall user; this is my first basic setup.
This is starting to drive me crazy.
I wanted to use DNAT to forward port 33890 to an internal machine (Windows)
port 3389, to reach my workstation when I'm not home.
In my rules:
DNAT:debug net loc:192.168.0.11:3389 tcp 33890 - pub.lic.ip.add
#SECTION BLACKLIST
#well known port scans
DROP net all tcp 21,22,23,25,80,81,110,143,210,443,512,1000,1080,1433,1434,222,3128,3306,3389,4899,5021,5900,8000,8010,8080,8081,8088,8089,809
DROP net all udp 3389
DROP net all udp 5060
Zones:
fw firewall
net ipv4
loc ipv4
Policy:
net all DROP info
$FW all ACCEPT
loc $FW ACCEPT
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
shorewall.conf:
IP_FORWARDING=Keep
and the kernel also knows:
root@mordor:~# cat /proc/sys/net/ipv4/ip_forward
1
The message in syslog:
Shorewall:net_dnat:DNAT:IN=eth0 OUT=
MAC=00:0c:29:2d:ca:d6:11:23:06:17:f8:40:48:00 SRC=myfriendsip DST=mypubip
LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=27043 DF PROTO=TCP SPT=33484 DPT=33890
WINDOW=8192 RES=0x00 SYN URGP=0
Could anyone point me in the right direction or help a bit to make it work? Or
am I missing something?
Thank you in advance,
Gabor
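To read the logged line above more precisely, here is an added example (not from the post or from the Shorewall project) that parses the Shorewall/netfilter key=value log format and reports what a logged DNAT hit does and does not establish. The sample line is the one quoted in the post, with the poster's placeholder addresses kept as written; the statement that a nat-chain log entry shows the pre-translation port is an assumption about netfilter logging order.

```python
import re

# Constructed sample: the syslog line quoted in the post, with the poster's
# placeholder addresses (myfriendsip, mypubip) kept as written.
SAMPLE = (
    "Shorewall:net_dnat:DNAT:IN=eth0 OUT= "
    "MAC=00:0c:29:2d:ca:d6:11:23:06:17:f8:40:48:00 SRC=myfriendsip DST=mypubip "
    "LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=27043 DF PROTO=TCP SPT=33484 DPT=33890 "
    "WINDOW=8192 RES=0x00 SYN URGP=0"
)

# Shorewall log prefix "Shorewall:<chain>:<disposition>:" followed by the
# kernel's key=value fields and bare flag words (DF, SYN, ACK, ...).
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")


def parse_shorewall_log(line):
    """Return a dict of the logged fields, or None if this is not a Shorewall line."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rec = {"chain": m.group("chain"), "disposition": m.group("disposition"), "flags": []}
    for token in line[m.end():].split():
        if "=" in token:
            key, value = token.split("=", 1)  # MAC=... contains colons, so split once
            rec[key] = value
        else:
            rec["flags"].append(token)  # bare words such as DF, SYN, ACK
    return rec


def summarize(rec):
    """What a logged DNAT hit does and does not establish."""
    # Assumption about netfilter logging: the LOG rule in the nat-table DNAT
    # chain fires before the address/port rewrite, so DPT is the port as
    # received on the external interface, not the translated one.
    return {
        "chain": rec["chain"],
        "reached_dnat_rule": rec["disposition"] == "DNAT",
        "new_connection": "SYN" in rec["flags"] and "ACK" not in rec["flags"],
        "received_port": int(rec["DPT"]) if "DPT" in rec else None,
        "inbound_only": rec.get("IN", "") != "" and rec.get("OUT", "") == "",
        "note": "shows the packet reached the nat rule; the filter-table ACCEPT "
                "and the target host's reply are not covered by this entry",
    }


if __name__ == "__main__":
    for key, value in summarize(parse_shorewall_log(SAMPLE)).items():
        print(f"{key}: {value}")
```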
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users