On 9/1/2015 8:50 AM, Tom Eastep wrote: > On 9/1/2015 6:24 AM, Nerijus Baliunas wrote: >> On Mon, 31 Aug 2015 23:22:11 +0300 Nerijus Baliunas >> <[email protected]> wrote: >> >>>>> DNAT loc loc:192.168.1.255 udp 27036 27036 >>>>> 5.20.215.255 >>>> >>>> Did that rule change the destination address? >>> >>> No, sniffer output was the same. >> >> I tried DNAT fw loc:192.168.1.255 udp 27036 27036 >> 5.20.215.255 >> too, still the same sniffer output: >> >> 34017 515.340299 192.168.1.11 -> 5.20.215.255 UDP 136 Source port: 27036 >> Destination port: 27036 >> > > Please forward the output of 'shorewall dump' as an attachment. >
The dump shows no conntrack entry for the broadcasts; yet it appears that steam is running. Interestingly, one packet has matched the DNAT rule -- I would have thought that your loc->loc rules would have been the correct one if steam is running in the steam netns. Did you inadvertently run steam outside that netns since Shorewall was restarted. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
