Thanks Tom for your input. But I have the ports already DNATed to the the DMZ VM as follows in my rules:
# grep -Rn 514 /etc/shorewall/rules 128:DNAT net dmz:192.168.20.110 tcp 514 129:DNAT net dmz:192.168.20.110 udp 514 132:DNAT $FW dmz:192.168.20.110 tcp 514 133:DNAT $FW dmz:192.168.20.110 udp 514 #134:ACCEPT $FW dmz tcp 514 (this too didn't work by disabling the two DNAT lines-132-133 above) And I have also tried appending the following in the policy : $FW dmz ACCEPT Yet it didn't seem to work. On 5/15/17, Tom Eastep <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 05/14/2017 10:07 AM, Zenny wrote: >> Hi, >> >> I appended "*.* @@<IP_of_LocalVM_in_NATted_DMZ>:514" in the router >> running shorewall so that I can centralize logging, but it does >> not log, although port 514 has been DNATed to the local DMZ VM in >> shorewall rules. However, logging from all other shorewall >> firewall from remote instances works with "*.* @@<Public IP with >> shorewall host>:514. >> >> Is there a specific rule need to be added for such scenario? Inputs >> appreciated! >> > > You need to open port 514 from the fw do the DMZ VM. > > - -Tom > - -- > Tom Eastep \ Q: What do you get when you cross a mobster with > Shoreline, \ an international standard? > Washington, USA \ A: Someone who makes you an offer you can't > http://shorewall.org \ understand > \_______________________________________________ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > Comment: GPGTools - http://gpgtools.org > > iQIcBAEBCAAGBQJZGOsMAAoJEJbms/JCOk0QsskQAJVWfsMOYFTO7zTJMe3QflVo > ue2uAaxphZTvJ+Maz/tEH4WC8H/NuBW8LfjiT5Z8tlFNlOOii+DKDXK7Hgqaqw2W > IIswMfBAYG//G+kYLi/J7wTYNXHUyN8CXE3MzXisaDtNYrSGVifhQbY8EXOMKZVV > tkdaPBvkol9GuROxNLH74bRwpKQOZUwNeYbcbZUxnYF3gwRrQK5kqM3pO5C/iKtf > YOBtJypW/MTcvOkSnL1GA1LCWo4PLA26fdIrEeS/PssmsTbev/HE2+/YhpoexOIF > lbTz6lln/bCqPOJHi5xWDFGlQt9p1cTk7PcwIf5HeubA47fQp1zWeiH3HBe/YgUX > a/KjFKf/Kt7T/+4SZmoNzqQlISBo6BqJEk2c3m25Ik/ldqEfZ6P1yBF0fs27/Ta3 > rjAE1iEdkRvfh48luG4e4e9elNGTXf2TgRHKcqzZpL05m34HnWIhaIbqQmigYhDP > /4rf0d0KZ8TkfEZfp7iZGXzjWkoM4+parO+nUW3O9gbcGxJqWhCTgCSagi26Cyby > +REHdxyvOSdsFnn7GHfrUwkNVYs4D8ruu4rbqAg0mJK9SMf1MVDGPOJf2U2/WSlM > tEAuE9oT4rDxnbGlTMX6/LvpHtKZhGctFh3WqV+tSd1zWgfjkntZo/xmmQSa4ndd > uDtPcZU+8tF7H8baHAeP > =cIf0 > -----END PGP SIGNATURE----- > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > -- Cheers, /z -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: http://openpgpjs.org xsBNBFcTxwEBCAC+G0MG+BHNGs8orGRobPV6jd+8RtT4XhXXEnuEjLA5uHz8 1OulvUS/qiq58Jo/KEnTn19rtyNiN7GmrLvo14Q0+mpFQEfrnzj2NCr1bf8w l5r+CrIIb+xFEqf5dIHf3w1NNXgHwl6Z3QBflZsqaPHa8y5dhAqVlr1NS7EL VgCifutAppl2Fcl05p4F5pQLKHMYCO+5gPMnMfnOOe4BTch0VOg8N4qkv0Px JtSHjHucpivf4eJwznejYwDt/AtdyaB7LUC9N6yuLN+QYuB/mIo0YVU2wcgP iwr8ITfDUz5Nx0MUm9hmTbOyj6ixNOVuYMmOvevCzzU0ULEkr99EMoAJABEB AAHNHFplbm55IDxnYXJieXRyYXNoQGdtYWlsLmNvbT7CwHIEEAEIACYFAlcT xwEGCwkIBwMCCRABOcPTK6+XKwQVCAIKAxYCAQIbAwIeAQAAD5gH/21f5PLm ytP4rd9HLGKHTMQola/VKMoCMlA7zb1LLJKTCJayZmIproblTyWO8iSSkkaA 89gIifuCTvMJ8vh4WLTUfO0gr+41uZhLScYqAOoqgctCPsyrHxV4QBYAzGf7 1LAEymtYBSiKHhks4Jff190Czrfupz7AAuLxepS1/RIZbdmeYO2g8FWf4sIR ZFKehNMSWlspxYGxXdAmGLX+xtHD+LNHqqnERsuatynR9oJ3G8WauD4CiNgW IRyfxf2xZVj7J+bGzg7dl7IJNmp0UDTLqqsF2TFpURyfIAAAhb3WkQAaV5n1 osMST1BbCnWdGo5bjpReuBl3lQ5bIn3Gc3HOwE0EVxPHAQEIAL2Pq+od71kT /lRMt+XDryOc1XTT5DJW7BUMXOjXXOZfWsuGTrqU3O1XYPWYzoZy9L+6zpII On/auicvkUblWvrXkt4CIVIU1qDk6KpDKVKBiINy5sk7cTyjumbqxPmnVBK2 DHN27rLOnReCnFUmgIgbfgK0/un0oEnAHvsYdeg1ydipd2vVzx3aJ1TfQS1W IBWN125EO4nKQ5Kl1XV7nWvlv+ZvrOmOWVeSl9jpyZvLJDmks0E/AIF4QBJF K+NTME8+x7CwFDQwLGENXojeZOfsNHbln91KE1ZU1/QvzLHVqdZOo/s20Y7V tjdUsiUPpVQcsSpXLzGKPCWz90M3Be8AEQEAAcLAXwQYAQgAEwUCVxPHAgkQ ATnD0yuvlysCGwwAAL9hCACP7CY1fivXEN4X+l/C56l/nARrNVoZvJr4QHnF 9C/r5m6TLCMov0eOLg8IvZF7M0Ecyvq1IzNqbwQd+8mTA4tn+aND20fk2z08 floFL6fJykIyAGtRMwAb3HdC1pqexk/0pYxhoy9GtQzqvK/NbcPPdBDd1N7M pKdXDVhXhx0R1K6UlMYfnyc9o171UYRPlFrmdBV7ZLC4KeBKqFEESKXaxyRg D7E1FXGl1pDMh2QJNM/n9gVLJb0+znBsPG4jUNOctAOhRwF9Z23qsU6AGpOu QhWG1alJz6d1T4sTgPdh+K1nMWNKGUzzayAKrRPTbnwLEijqqJPpIIDVzoai py73 =JPvb -----END PGP PUBLIC KEY BLOCK----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
