On 05/15/2017 09:21 AM, Zenny wrote:
> Thanks Tom for your input.
>
> But I have the ports already DNATed to the DMZ VM as follows in
> my rules:
>
> # grep -Rn 514 /etc/shorewall/rules
> 128:DNAT net dmz:192.168.20.110 tcp 514
> 129:DNAT net dmz:192.168.20.110 udp 514
> 132:DNAT $FW dmz:192.168.20.110 tcp 514
> 133:DNAT $FW dmz:192.168.20.110 udp 514

This is directing ALL traffic from the firewall to port 514 to the DMZ host. Given that you are specifying 192.168.20.110 as the logging target, you should have only needed these rules:

ACCEPT $FW dmz:192.168.20.110 tcp 514
ACCEPT $FW dmz:192.168.20.110 udp 514

> And I have also tried appending the following in the policy :
>
> $FW dmz ACCEPT
>
> Yet it didn't seem to work.

Then, I am betting that the problem has nothing to do with your Shorewall configuration.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
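A small audit for the pattern discussed in the message above, added here as an example (it is not code from the thread or from the Shorewall project): it reads rules-file text and, for each DNAT entry whose source is $FW, prints the plain ACCEPT rule of the kind the reply recommends. The function names `audit_fw_dnat` and `sample_rules` and the sample input are constructed, and only the simple five-column layout shown in the thread is assumed.

```shell
#!/bin/sh
# Added example: flag DNAT rules whose SOURCE column is the firewall ($FW).
# As the reply above notes, such a rule redirects ALL firewall-originated
# traffic for that proto/port to the DNAT target; when the sender already
# addresses the target host directly, an ACCEPT rule is enough.
# Assumed column layout (as in the thread): ACTION SOURCE DEST PROTO DPORT

audit_fw_dnat() {
    # Reads rules text on stdin; prints one finding plus a suggested
    # replacement per offending line. Prints nothing when the input is clean.
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }   # skip comments and blank lines
        $1 == "DNAT" && $2 == "$FW" {          # "$FW" is a literal string in awk
            printf "line %d: %s\n", NR, $0
            printf "  suggest: ACCEPT %s %s %s %s\n", $2, $3, $4, $5
        }
    '
}

sample_rules() {
    # Constructed sample modelled on the rules quoted in the thread.
    # The quoted heredoc delimiter keeps the shell from expanding $FW.
    cat <<'EOF'
# constructed sample rules
DNAT    net     dmz:192.168.20.110      tcp     514
DNAT    net     dmz:192.168.20.110      udp     514
DNAT    $FW     dmz:192.168.20.110      tcp     514
DNAT    $FW     dmz:192.168.20.110      udp     514
EOF
}

# Demo run on the constructed sample; on a real system the input would be
# the rules file itself, e.g.  audit_fw_dnat < /etc/shorewall/rules
sample_rules | audit_fw_dnat
```

The net-sourced DNAT rules are left alone because they forward inbound traffic addressed to the firewall, which is the normal use of DNAT.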
