Hello, I am running Shorewall 4.5.5.3 on a Debian machine.
I have a firewall (10.8.0.1) connected to an internal server (10.8.0.2) via
OpenVPN. On the firewall the VPN interface is called tun0. So in my
shorewall configuration I have this:
$ cat interfaces
#ZONE INTERFACE OPTIONS
- lo ignore
vpn tun+ optional
net eth+ dhcp,physical=+,routeback,optional
$ cat zones
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
vpn ipv4
net ip
$ cat policy
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
# LEVEL BURST MASK
$FW net ACCEPT
$FW vpn ACCEPT
vpn all ACCEPT
net all DROP info
Now I want to forward all traffic from the public net coming to TCP port
2222 on the firewall to the internal server port 22. So I have added the
following two lines:
$ cat rules
ACCEPT net $FW tcp 2222
DNAT:info net vpn:10.8.0.2:22 tcp 2222
In my shorewall.conf file I have this line:
IP_FORWARDING=On
However, this does not seem to work.
In the log file I can see these lines:
Feb 13 01:59:44 helios kernel: [2390648.826670] Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=52:54:ed:88:f9:f5:5c:5e:ab:03:66:c0:08:00 SRC=<client-IP> DST=<firewall-IP> LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=21389 DF PROTO=TCP SPT=38026 DPT=2222 WINDOW=29200 RES=0x00 SYN URGP=0
What am I missing here?
Cheers!
--
Matthias F. Brandstetter
[email protected]
@maflobra <https://twitter.com/maflobra>
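The kernel log line quoted in the post follows the standard Shorewall logging format: a `Shorewall:<chain>:<disposition>:` prefix followed by netfilter key=value fields and bare flag tokens. The following parser is an added example, not code from the post or from the Shorewall project; the sample line and its addresses are constructed to mirror the one above.

```python
import re

# Constructed sample, modelled on the log line in the post; SRC/DST are
# documentation addresses standing in for <client-IP> and <firewall-IP>.
SAMPLE_LOG = (
    "Feb 13 01:59:44 helios kernel: [2390648.826670] "
    "Shorewall:net_dnat:DNAT:IN=eth0 OUT= "
    "MAC=52:54:ed:88:f9:f5:5c:5e:ab:03:66:c0:08:00 SRC=198.51.100.7 "
    "DST=203.0.113.1 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=21389 DF PROTO=TCP "
    "SPT=38026 DPT=2222 WINDOW=29200 RES=0x00 SYN URGP=0"
)

# Shorewall log prefix: "Shorewall:<chain>:<disposition>:" then netfilter fields.
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)$")


def parse_shorewall_log(line):
    """Return a dict of the Shorewall chain, disposition, key=value fields and
    bare flags (DF, SYN, ...) from one kernel log line, or None if it is not
    a Shorewall log entry."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "disposition": m.group("disp"), "flags": []}
    for tok in m.group("rest").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value          # "OUT=" yields an empty string: logged
        else:                         # before routing, so no output interface
            rec["flags"].append(tok)
    return rec


def split_mac_field(mac_field):
    """The netfilter MAC field is dst MAC (6 octets), src MAC (6 octets) and
    the Ethernet type (2 octets), all colon-separated."""
    octets = mac_field.split(":")
    if len(octets) != 14:
        raise ValueError("unexpected MAC field length")
    return {
        "dst": ":".join(octets[0:6]),
        "src": ":".join(octets[6:12]),
        "ethertype": "".join(octets[12:14]),
    }


def is_dnat_hit(rec, dport):
    """True when the entry records the nat-table DNAT rule of a zone's _dnat
    chain matching a packet to the given destination port."""
    return (rec is not None and rec["chain"].endswith("_dnat")
            and rec["disposition"] == "DNAT" and rec.get("DPT") == str(dport))
```

A line like this only proves the DNAT rule in the net_dnat chain matched; it says nothing about the forwarded packet leaving via tun0 or about the reply path from 10.8.0.2, which have to be checked separately.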
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users