geez - thanks tom - something so small and i have literally spent days on this, thanks for the assistance!

On 9/9/2014 10:35 PM, Tom Eastep wrote:
On 9/9/2014 12:50 PM, Tom Eastep wrote:
On 9/7/2014 7:45 PM, Grant Pasley wrote:
good day all

i have shorewall-4.6.3.2 running on centos 2.6.32-431.23.3.el6.x86_64. i
have 2 ethernet interfaces, eth0 and eth1. eth0 is lan 192.168.65.0/24
and eth1 is only used for a pppoe adsl account with dynamic ip address
from isp.
i am trying to forward incoming remote desktop connections to a windows
server, the connections are hitting the firewall but not getting as far
as the windows server. i have the following info:

vim /etc/shorewall/rules

DNAT            net             loc:192.168.65.2        tcp     3389

shorewall show nat:

Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3389 to:192.168.65.2

tail -f /var/log/messages:

Sep  7 22:41:33 sentinel kernel: Shorewall:xis-fw:ACCEPT:IN=ppp0 OUT= MAC= SRC=120.146.190.53 DST=197.87.29.171 LEN=52 TOS=0x18 PREC=0x00 TTL=99 ID=6044 DF PROTO=TCP SPT=56452 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0

so as per above, connection hits firewall, is accepted, knows to forward
to windows server, but no traffic being passed on to windows server if
you look at the packets and bytes in the dnat chain.
can anyone enlighten me on what i am missing perhaps? i have been going
over and over the config for days and cannot seem to find anything?

May we see the output of 'shorewall dump' collected as described at
http://www.shorewall.net/support.htm#Guidelines?

Nevermind -- look at the above log message -- the source zone is 'xis',
not 'net' which is what your DNAT rule has as the source.

-Tom



_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
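
The comparison made by eye in the reply above, as an added example (not code from the thread or from the Shorewall project): take the source zone from a Shorewall log prefix and flag DNAT rules that match the packet's protocol and port but name a different SOURCE zone. It assumes the `Shorewall:<source>-<dest>:<disposition>:` prefix seen in the logged line and numeric ports; the function names are hypothetical.

```python
import re

# Constructed inputs copied from the thread: the rules entry and the logged packet.
RULES = """\
#ACTION  SOURCE  DEST              PROTO  DPORT
DNAT     net     loc:192.168.65.2  tcp    3389
"""
LOG = ("Sep  7 22:41:33 sentinel kernel: Shorewall:xis-fw:ACCEPT:IN=ppp0 OUT= "
       "MAC= SRC=120.146.190.53 DST=197.87.29.171 LEN=52 TOS=0x18 PREC=0x00 TTL=99 "
       "ID=6044 DF PROTO=TCP SPT=56452 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0")

# Assumed prefix layout: Shorewall:<source zone>-<dest zone>:<disposition>:
LOG_RE = re.compile(r"Shorewall:([^:\s-]+)-([^:\s]+):([A-Z]+):(.*)")

def parse_log(line):
    """Return source zone, interface, protocol and destination port of a logged packet."""
    m = LOG_RE.search(line)
    kv = dict(f.split("=", 1) for f in m.group(4).split() if "=" in f) if m else {}
    if not kv.get("DPT", "").isdigit():
        return None  # no zone-to-zone prefix, or not a TCP/UDP packet
    return {"zone": m.group(1), "iface": kv.get("IN", ""),
            "proto": kv.get("PROTO", "").lower(), "dport": int(kv["DPT"])}

def parse_dnat_rules(text):
    """Yield (source zone, proto, port spec) for each DNAT line of a rules file."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if len(cols) >= 3 and cols[0].startswith("DNAT"):
            cols += ["-"] * (5 - len(cols))  # omitted PROTO/DPORT columns match anything
            yield cols[1].split(":", 1)[0], cols[3].lower(), cols[4]

def port_matches(spec, port):
    """Match a numeric port against a port list such as 80,443,3000:3010."""
    for item in spec.split(","):
        lo, _, hi = item.partition(":")
        if item == "-" or (lo.isdigit() and int(lo) <= port <= int(hi if hi.isdigit() else lo)):
            return True
    return False

def zone_mismatches(rules_text, log_line):
    """Return (rule zone, logged zone, interface, port) for DNAT rules in the wrong zone."""
    pkt = parse_log(log_line)
    if pkt is None:
        return []
    return [(zone, pkt["zone"], pkt["iface"], pkt["dport"])
            for zone, proto, ports in parse_dnat_rules(rules_text)
            if proto in (pkt["proto"], "-", "all") and port_matches(ports, pkt["dport"])
            and zone not in (pkt["zone"], "all", "any")]

print(zone_mismatches(RULES, LOG))
```
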


