Hello, I found my error: I forgot to put the firewall as gateway in the xmpp
server.

Thanks
---
Ing. Alex Irmel Oviedo Solis
GNU/Linux Services Specialist
E-mail: alex...@alexove.me
Mobile (Bitel): 930328402
Mobile (Claro): 959625001

17 May 2018 4:55, "Huy Bui" wrote:

Hi Alex,
What problem are you encountering? Have you tried to access your xmpp server
from outside?
Those drop messages from the dmesg output are for port 22 (ssh server) to your
server. You will get a lot of these since people will try to hack your server
from the net for SSH access all the time, because your policy said to log all
dropped packets.
Huy
On 17 May 2018 at 00:30, Alex Irmel Oviedo Solis wrote:
Hello world, I have a freshly installed firewall with shorewall (version:
5.1.10.2) on fedora server (firewalld is disabled) and I want to do a DNAT from
the net zone to the lan zone for an xmpp server inside the lan.

This is my "zones" file:
#ZONE TYPE
fw firewall
net ipv4
lan ipv4

"interfaces" file:
?FORMAT 2
###
#ZONE INTERFACE OPTIONS
net enp2s0
lan enp3s0

"policy" file:
#SOURCE DEST POLICY LOGLEVEL RATE CONNLIMIT
fw all ACCEPT
lan fw ACCEPT info
lan net ACCEPT info
net fw DROP info
net lan DROP info

"rules" file:
?SECTION NEW
ACCEPT lan fw tcp 22
DNAT net lan:10.0.9.103:5222 tcp 5222

dmesg output:
[1060728.293989] net-fw DROP IN=enp2s0 OUT= 
MAC=70:62:b8:b5:50:e4:00:23:3e:87:df:d6:08:00 SRC=61.177.172.57 
DST=190.108.89.85 LEN=60 TOS=0x08 PREC=0x40 TTL=51 ID=36847 DF PROTO=TCP 
SPT=61698 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 
[1060730.298005] net-fw DROP IN=enp2s0 OUT= 
MAC=70:62:b8:b5:50:e4:00:23:3e:87:df:d6:08:00 SRC=61.177.172.57 
DST=190.108.89.85 LEN=60 TOS=0x08 PREC=0x40 TTL=51 ID=36848 DF PROTO=TCP 
SPT=61698 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 
---
Ing. Alex Irmel Oviedo Solis
GNU/Linux Services Specialist
E-mail: alex...@alexove.me
Mobile (Bitel): 930328402
Mobile (Claro): 959625001
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
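
Huy's point about the dmesg output, as an added example (not part of the original thread and not Shorewall code): a small Python parser that groups log entries in the format shown above by chain, verdict, protocol and destination port, so it is easy to see whether any logged drop concerns the forwarded port 5222. The sample input is the thread's two entries with their wrapped lines rejoined plus one constructed entry; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the thread's two dmesg entries with their wrapped lines
# rejoined, plus one made-up entry (documentation address, port 23).
SAMPLE = """\
[1060728.293989] net-fw DROP IN=enp2s0 OUT= MAC=70:62:b8:b5:50:e4:00:23:3e:87:df:d6:08:00 SRC=61.177.172.57 DST=190.108.89.85 LEN=60 TOS=0x08 PREC=0x40 TTL=51 ID=36847 DF PROTO=TCP SPT=61698 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
[1060730.298005] net-fw DROP IN=enp2s0 OUT= MAC=70:62:b8:b5:50:e4:00:23:3e:87:df:d6:08:00 SRC=61.177.172.57 DST=190.108.89.85 LEN=60 TOS=0x08 PREC=0x40 TTL=51 ID=36848 DF PROTO=TCP SPT=61698 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
[1060731.000000] net-fw DROP IN=enp2s0 OUT= SRC=198.51.100.9 DST=190.108.89.85 LEN=60 PROTO=TCP SPT=40000 DPT=23 SYN URGP=0
"""

# "[timestamp] <chain> <verdict> KEY=VALUE ..." as seen in the dmesg output.
PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\s+(?P<chain>\S+)\s+(?P<verdict>[A-Z]+)\s+(?P<rest>.*)$")
FIELD = re.compile(r"(\w+)=(\S*)")  # bare flags such as DF and SYN are skipped


def parse(line):
    """Return one log entry as a dict, or None if the line is not in this format."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    rec = {"chain": m["chain"], "verdict": m["verdict"]}
    rec.update(FIELD.findall(m["rest"]))
    return rec


def summarize(text):
    """Count entries per (chain, verdict, protocol, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec.get("DPT", "").isdigit():
            counts[(rec["chain"], rec["verdict"], rec.get("PROTO"), int(rec["DPT"]))] += 1
    return counts


def drops_for_port(text, port, proto="TCP"):
    """Number of logged DROP entries whose destination port is `port`."""
    return sum(n for (_, verdict, p, dpt), n in summarize(text).items()
               if verdict == "DROP" and p == proto and dpt == port)


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
    print("drops for tcp/5222:", drops_for_port(SAMPLE, 5222))
```

On the entries quoted in the thread this reports only net-fw drops for port 22 and none for port 5222, which matches the reply: the logged drops are unrelated to the DNAT rule.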