@Adam Using CentOS 4.9 on the shorewall host machine with selinux disabled and debian 8 in the VM with proxmox 4.5 host (also based on debian jessie), fyi.
Cheers, /z On 5/15/17, Adam Cecile <[email protected]> wrote: > SELinux shit? What distro are you running? > > Adam. > > Le 15 mai 2017 19:16:06 GMT+02:00, Tom Eastep <[email protected]> a > écrit : >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA256 >> >>On 05/15/2017 09:21 AM, Zenny wrote: >>> Thanks Tom for your input. >>> >>> But I have the ports already DNATed to the the DMZ VM as follows in >>> my rules: >>> >>> # grep -Rn 514 /etc/shorewall/rules 128:DNAT net >>> dmz:192.168.20.110 tcp 514 129:DNAT net >>> dmz:192.168.20.110 udp 514 132:DNAT $FW >>> dmz:192.168.20.110 tcp 514 133:DNAT $FW >>> dmz:192.168.20.110 udp 514 >> >>This is directing ALL traffic from the firewall to port 514 to the DMZ >>host. Given that you are specifying 192.168.20.110 as the logging >>target, you should have only needed these rules: >>ACCEPT $FW dmz:192.168.20.110 tcp 514 >>ACCEPT $FW dmz:192.168.20.110 udp 514 >> >>> And I have also tried appending the following in the policy : >>> >>> $FW dmz ACCEPT >>> >>> Yet it didn't seem to work. >> >>Then, I am betting that the problem has nothing to do with your >>Shorewall configuration. >> >>- -Tom >>- -- >>Tom Eastep \ Q: What do you get when you cross a mobster with >>Shoreline, \ an international standard? >>Washington, USA \ A: Someone who makes you an offer you can't >>http://shorewall.org \ understand >> \_______________________________________________ >>-----BEGIN PGP SIGNATURE----- >>Version: GnuPG v2 >>Comment: GPGTools - http://gpgtools.org >> >>iQIcBAEBCAAGBQJZGeJWAAoJEJbms/JCOk0QB0wQAIUy3f9XJCFyhUyeFG90nRgr >>1jBxQmHkL8KMuY1kmMirl92k2VR7Hl8XaBkFDnHoiXV1eOf61C0GoHp6Czl1jYow >>VuX/KLQGgY25weqwFA98gSbAfnsrzgDjD2m4yus8791ZNy2iVfhvnqs/SLP++qi+ >>jDB3U7IGhrwuLPCGah5+y2tqm0njX/6rmbXus0YJ45PFz+XAJsahPY07fY1GFF4r >>SgkrAWLMtP68JQ29vF+HwIkzRUUeEt/+gFCZ6KD7ueM9ieUDAq/2CMGJtelZtCVV >>/XxBz5tqKSIWVogklbSwI456KBVOU2H0FkMicucaxeCJoJyjN4+8UAp96eNzko3l >>/MHryrtGm9JDhL7I/IuhLg16v+xmd8UT9L7cfvUBXVZVzEGZk7l4sARWFdxe8tje >>SpQmmdv4Kx6HfTVBtbpG2cVJ1ZeJrUr5IPvLm7PwwwI2l9HxhkhJPXTxY9XCVO/D >>OHB5ku3KBbpEU1fgUxpznWUh/mhJJZ9B2DaVH/R9tstiY7BL4g4VhAAJdmbQ9zCl >>F3+lWaO/tIzapZ8VXqbHFYu6HxGs4/4yRhqjr4Y5Dtjln0UEjCWJOhCGkKgGiLMD >>SoADnny3kvU4IC3JTD1Dh/5LmrPeBoxwrIuQjJMJikVEs0max+GSkBGWld9zBNH3 >>RTVPvZjN7dzBfakPy15g >>=Chos >>-----END PGP SIGNATURE----- >> >>------------------------------------------------------------------------------ >>Check out the vibrant tech community on one of the world's most >>engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>_______________________________________________ >>Shorewall-users mailing list >>[email protected] >>https://lists.sourceforge.net/lists/listinfo/shorewall-users > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > -- Cheers, /z -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: http://openpgpjs.org xsBNBFcTxwEBCAC+G0MG+BHNGs8orGRobPV6jd+8RtT4XhXXEnuEjLA5uHz8 1OulvUS/qiq58Jo/KEnTn19rtyNiN7GmrLvo14Q0+mpFQEfrnzj2NCr1bf8w l5r+CrIIb+xFEqf5dIHf3w1NNXgHwl6Z3QBflZsqaPHa8y5dhAqVlr1NS7EL VgCifutAppl2Fcl05p4F5pQLKHMYCO+5gPMnMfnOOe4BTch0VOg8N4qkv0Px JtSHjHucpivf4eJwznejYwDt/AtdyaB7LUC9N6yuLN+QYuB/mIo0YVU2wcgP iwr8ITfDUz5Nx0MUm9hmTbOyj6ixNOVuYMmOvevCzzU0ULEkr99EMoAJABEB AAHNHFplbm55IDxnYXJieXRyYXNoQGdtYWlsLmNvbT7CwHIEEAEIACYFAlcT xwEGCwkIBwMCCRABOcPTK6+XKwQVCAIKAxYCAQIbAwIeAQAAD5gH/21f5PLm ytP4rd9HLGKHTMQola/VKMoCMlA7zb1LLJKTCJayZmIproblTyWO8iSSkkaA 89gIifuCTvMJ8vh4WLTUfO0gr+41uZhLScYqAOoqgctCPsyrHxV4QBYAzGf7 1LAEymtYBSiKHhks4Jff190Czrfupz7AAuLxepS1/RIZbdmeYO2g8FWf4sIR ZFKehNMSWlspxYGxXdAmGLX+xtHD+LNHqqnERsuatynR9oJ3G8WauD4CiNgW IRyfxf2xZVj7J+bGzg7dl7IJNmp0UDTLqqsF2TFpURyfIAAAhb3WkQAaV5n1 osMST1BbCnWdGo5bjpReuBl3lQ5bIn3Gc3HOwE0EVxPHAQEIAL2Pq+od71kT /lRMt+XDryOc1XTT5DJW7BUMXOjXXOZfWsuGTrqU3O1XYPWYzoZy9L+6zpII On/auicvkUblWvrXkt4CIVIU1qDk6KpDKVKBiINy5sk7cTyjumbqxPmnVBK2 DHN27rLOnReCnFUmgIgbfgK0/un0oEnAHvsYdeg1ydipd2vVzx3aJ1TfQS1W IBWN125EO4nKQ5Kl1XV7nWvlv+ZvrOmOWVeSl9jpyZvLJDmks0E/AIF4QBJF K+NTME8+x7CwFDQwLGENXojeZOfsNHbln91KE1ZU1/QvzLHVqdZOo/s20Y7V tjdUsiUPpVQcsSpXLzGKPCWz90M3Be8AEQEAAcLAXwQYAQgAEwUCVxPHAgkQ ATnD0yuvlysCGwwAAL9hCACP7CY1fivXEN4X+l/C56l/nARrNVoZvJr4QHnF 9C/r5m6TLCMov0eOLg8IvZF7M0Ecyvq1IzNqbwQd+8mTA4tn+aND20fk2z08 floFL6fJykIyAGtRMwAb3HdC1pqexk/0pYxhoy9GtQzqvK/NbcPPdBDd1N7M pKdXDVhXhx0R1K6UlMYfnyc9o171UYRPlFrmdBV7ZLC4KeBKqFEESKXaxyRg D7E1FXGl1pDMh2QJNM/n9gVLJb0+znBsPG4jUNOctAOhRwF9Z23qsU6AGpOu QhWG1alJz6d1T4sTgPdh+K1nMWNKGUzzayAKrRPTbnwLEijqqJPpIIDVzoai py73 =JPvb -----END PGP PUBLIC KEY BLOCK----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
