Dear Tom Eastep,
Thanks very much!
I studied FAQ 1b and changed 192.168.1.231's gateway to 192.168.1.20
(the gateway's internal interface, eth0), but it still doesn't work.
Below is the shorewall dump: the server can read the SSH and FTP requests
from the internet. (Before testing, I ran shorewall reset to clear all Netfilter
counters.)
Chain net_dnat (1 references)
 pkts bytes target prot opt in out source     destination
    3   156 DNAT   tcp  --  *  *   0.0.0.0/0  0.0.0.0/0    tcp dpt:21 to:192.168.1.231
    0     0 DNAT   udp  --  *  *   0.0.0.0/0  0.0.0.0/0    udp dpt:20 to:192.168.1.231
    5   260 DNAT   tcp  --  *  *   0.0.0.0/0  0.0.0.0/0    tcp dpt:2222 to:192.168.1.231:22
gateway: eth0 internal: 192.168.1.20
eth1 external: 113.89.142.80
Shorewall rules:
SECTION NEW
DNAT         net   lan:192.168.1.231     tcp  21
DNAT         net   lan:192.168.1.231     udp  20
ACCEPT       all   fw                    tcp  ssh,domain
ACCEPT       all   fw                    udp  domain,openvpn
ACCEPT       ovpn  fw                    tcp  902,10000
Ping/ACCEPT  net   fw
ACCEPT       all   fw                    tcp  5222
ACCEPT       all   fw                    udp  5222
DNAT         net   lan:192.168.1.231:22  tcp  2222
interfaces:
#ZONE  INTERFACE  BROADCAST       OPTIONS
net    eth1       113.89.142.255  norfc1918,arp_filte
lan    eth0       detect          arp_filter
ovpn   tun0       -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
At 2012-09-22 23:00:44,"Tom Eastep" <[email protected]> wrote:
>On 09/22/2012 03:22 AM, muiz wrote:
>> Dear support and users:
>> Sorry to trouble you! I configure the shorewall firewall to forward
>> ftp and ssh port to another server, but failed. Can you help me check?
>> I cannot login both SSH 2222 and ftp!
>> Below is my environment: (attachment is shorewall dump)
>
>Muiz,
>
>It appears that the SSH and FTP connection requests aren't reaching your
>firewall. From the dump:
>
>Chain net_dnat (1 references)
> pkts bytes target prot opt in out source     destination
>    0     0 DNAT   tcp  --  *  *   0.0.0.0/0  0.0.0.0/0    tcp dpt:21 to:192.168.1.231
>    0     0 DNAT   udp  --  *  *   0.0.0.0/0  0.0.0.0/0    udp dpt:20 to:192.168.1.231
>    0     0 DNAT   tcp  --  *  *   0.0.0.0/0  0.0.0.0/0    tcp dpt:2222 to:192.168.1.231:22
>
>Please refer to the Port Forwarding troubleshooting tips described in
>Shorewall FAQs 1a and 1b.
>
>Thanks,
>-Tom
>--
>Tom Eastep \ When I die, I want to go like my Grandfather who
>Shoreline, \ died peacefully in his sleep. Not screaming like
>Washington, USA \ all of the passengers in his car
>http://shorewall.net \________________________________________________
>
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
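
The counter check used in this thread, as an added example that is not part of the original messages or of Shorewall: a Python parser that reads the net_dnat chain out of dump text, strips ">" quoting, re-joins mail-wrapped rule lines, and returns the packet count per DNAT rule so that rules which saw no traffic after the counter reset stand out. The function names are hypothetical; the sample is the second listing from this thread with its mail wrapping kept.

```python
import re

# Second net_dnat listing from this thread, mail line wrapping kept.
# A blank line ends the chain, as it does in real dump output.
SECOND_DUMP = """\
Chain net_dnat (1 references)
 pkts bytes target prot opt in out source destination
    3   156 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 to:192.168.1.231
    0     0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:20 to:192.168.1.231
    5   260 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:2222 to:192.168.1.231:22

"""
# A rule line starts with: pkts bytes target prot ...
RULE = re.compile(r"^(\d+[KMG]?)\s+(\d+[KMG]?)\s+(\S+)\s+(\S+)\s+(.*)$")
UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}  # iptables -v abbreviations

def count(tok):
    """Convert an iptables counter such as '156' or '12K' to an int."""
    return int(tok[:-1]) * UNITS[tok[-1]] if tok[-1] in UNITS else int(tok)

def dnat_hits(dump, chain="net_dnat"):
    """Return {(proto, dport, to): packets} for the DNAT rules of one chain."""
    rules, inside = [], False
    for raw in dump.splitlines():
        line = raw.lstrip("> ").rstrip()        # drop mail quoting and indent
        if line.startswith("Chain "):
            inside = line.split()[1] == chain
        elif not line:
            inside = False                      # blank line ends a chain
        elif inside and not line.startswith(("pkts", "destination")):
            m = RULE.match(line)
            if m:
                rules.append([count(m[1]), m[3], m[4], m[5]])
            elif rules:
                rules[-1][3] += " " + line      # re-join a mail-wrapped rule
    hits = {}
    for pkts, target, proto, rest in rules:
        m = re.search(r"dpt:(\d+) to:(\S+)", rest)
        if target == "DNAT" and m:
            hits[(proto, int(m[1]), m[2])] = pkts
    return hits

def unreached(dump):
    """DNAT rules whose counter is still zero after the connection test."""
    return sorted(k for k, v in dnat_hits(dump).items() if v == 0)
```

Run over the first listing (all counters zero), `unreached` returns all three rules, which is the condition read in the quoted reply as the requests not reaching the firewall; over the second listing only the udp/20 rule remains.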