hi tom

thanks for the quick response - yes, the faqs i have done over and over the last few days:

1> format correct =>

DNAT            net             loc:192.168.65.2        tcp     3389

2> wan to lan test correct (not inside lan) =>

SRC=120.146.190.53 DST=197.87.29.171

3> lan clients gateway correct =>

client 192.168.65.2 gw 192.168.65.1 (/24) - i have confirmed this by team 
viewing in to check the settings (which itself would not work if the gateway 
was not correct).

4> isp is not blocking as the connections can be seen reaching the firewall, if 
i put in a standard adsl or mikrotik router with pppoe and a dnat rule it works.

thanks,

grant.




On 9/8/2014 5:10 AM, Tom Eastep wrote:
On 9/7/2014 7:45 PM, Grant Pasley wrote:
good day all

i have shorewall-4.6.3.2 running on centos 2.6.32-431.23.3.el6.x86_64. i
have 2 ethernet interfaces, eth0 and eth1. eth0 is lan 192.168.65.0/24
and eth1 is only used for a pppoe adsl account with dynamic ip address
from isp.
i am trying to forward incoming remote desktop connections to a windows
server, the connections are hitting the firewall but not getting as far
as the windows server. i have the following info:

vim /etc/shorewall/rules

DNAT            net             loc:192.168.65.2        tcp     3389

shorewall show nat:

Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3389 to:192.168.65.2

tail -f /var/log/messages:

Sep  7 22:41:33 sentinel kernel: Shorewall:xis-fw:ACCEPT:IN=ppp0 OUT= MAC= SRC=120.146.190.53 DST=197.87.29.171 LEN=52 TOS=0x18 PREC=0x00 TTL=99 ID=6044 DF PROTO=TCP SPT=56452 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0

so as per above, connection hits firewall, is accepted, knows to forward
to windows server, but no traffic being passed on to windows server if
you look at the packets and bytes in the dnat chain.
can anyone enlighten me on what i am missing perhaps? i have been going
over and over the config for days and cannot seem to find anything?

Have you looked at the port forwarding troubleshooting tips in FAQs 1a
and 1b? The above log message verifies the first step of the tips, but
there are others.

-Tom


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
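
An added example, not part of the original thread and not Shorewall's own code: a small Python check that reads the log line and the DNAT rule quoted above and reports whether the logged packet was actually rewritten and forwarded. It assumes Shorewall's default log prefix "Shorewall:<chain>:<disposition>:" and zone-pair chain names of the form "<source>-<dest>"; the function names are hypothetical.

```python
import re

# Constructed from the log line and rule quoted in the thread (log joined onto one line).
SAMPLE_LOG = ("Sep  7 22:41:33 sentinel kernel: Shorewall:xis-fw:ACCEPT:IN=ppp0 OUT= "
              "MAC= SRC=120.146.190.53 DST=197.87.29.171 LEN=52 TOS=0x18 PREC=0x00 "
              "TTL=99 ID=6044 DF PROTO=TCP SPT=56452 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0")
SAMPLE_RULE = "DNAT            net             loc:192.168.65.2        tcp     3389"

# Assumption: default Shorewall log prefix "Shorewall:<chain>:<disposition>:".
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):(?P<rest>.*)")


def parse_log(line):
    """Split a Shorewall kernel log line into chain, disposition and KEY=VALUE fields."""
    m = PREFIX_RE.search(line)
    if not m:
        raise ValueError("not a Shorewall log line")
    fields = {}
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        fields[key] = value if sep else "set"   # bare flags such as SYN or DF
    return {"chain": m.group("chain"), "disposition": m.group("disp"), "fields": fields}


def parse_dnat_rule(rule):
    """Read the first five columns of a rules-file DNAT entry."""
    action, source, dest, proto, dport = rule.split()[:5]
    zone, _, host = dest.partition(":")
    return {"action": action, "source": source, "dest_zone": zone,
            "dest_host": host, "proto": proto, "dport": dport}


def check(log_line, rule_line):
    """Return a list of mismatches between what the rule intends and what was logged."""
    log, rule = parse_log(log_line), parse_dnat_rule(rule_line)
    f = log["fields"]
    if f.get("PROTO", "").lower() != rule["proto"] or f.get("DPT") != rule["dport"]:
        return ["log entry is for a different protocol/port than the rule"]
    findings = []
    if f.get("OUT", "") == "":
        findings.append("OUT= is empty: packet was delivered to the firewall, not forwarded")
    if f.get("DST") != rule["dest_host"]:
        findings.append("DST=%s was not rewritten to %s" % (f.get("DST"), rule["dest_host"]))
    src_zone = log["chain"].partition("-")[0]   # assumption: chain is "<source>-<dest>"
    if src_zone != rule["source"]:
        findings.append("logged in chain %s (source zone %s) but rule source is %s"
                        % (log["chain"], src_zone, rule["source"]))
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE_LOG, SAMPLE_RULE):
        print(finding)
```

An empty result means the logged packet matches the rule's intent (rewritten destination, forward path, same source zone); any finding points at the column or zone definition to inspect next.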


