Thanks, DNAT- gave me an error ignoring loc destination. Sort of like it was 
seeing the dash as a column filler.

Debian 10 Shorewall 5.2.3.2
By removing the logging info after DNAT, I don’t see the log info in iptables. 
Probably just as useful. I’ll use the loc server logs. In a way that makes 
sense.
Thanks
—John

> On May 12, 2019, at 1:12 PM, Tom Eastep <teas...@shorewall.net> wrote:
> 
>> On 5/12/19 10:08 AM, Tom Eastep wrote:
>>> On 5/12/19 9:19 AM, John Hill wrote:
> >>> Thank You Tom
>>> Thanks again for Shorewall. 
>>> 
>> 
>> You're most welcome.
>> 
>> You can eliminate this problem as follows.
>> 
>> Suppose that your current DNAT rule is:
>> 
>> DNAT:NFLOG(xxx)    net loc:192.168.0.4:22    tcp 1022 -    70.90.191.124
>> 
>> You can rewrite this rule as:
>> 
>> DNAT-              net loc:192.168.0.4:22 tcp 1022 -    70.90.191.124
>> ACCEPT:NFLOG(yyy) net loc:192.168.0.4:22 tcp 22      -    70.90.191.124
>> 
> 
> Oops -- make that:
> 
> DNAT-              net loc:192.168.0.4:22 tcp 1022 -    70.90.191.124
> ACCEPT:NFLOG(yyy) net loc:192.168.0.4    tcp 22      -    70.90.191.124
> 
> Copy paste error :-(
> 
> -Tom
> -- 
> Tom Eastep        \   Q: What do you get when you cross a mobster with
> Shoreline,         \     an international standard?
> Washington, USA     \ A: Someone who makes you an offer you can't
> http://shorewall.org \   understand
>                      \_______________________________________________
> 
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
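
Added example, not part of the thread and not Shorewall's own code: a small Python helper that performs the rewrite described in the quoted reply, turning a logged DNAT rule into a DNAT- rule plus a logged ACCEPT rule. It assumes IPv4 addresses, whitespace-separated columns in the order ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST, and nothing after ORIGDEST; the function names and the 10.0.0.5 sample rule are made up for illustration.

```python
def _fmt(cols):
    """Join columns, dropping trailing '-' placeholders."""
    cols = list(cols)
    while len(cols) > 1 and cols[-1] == "-":
        cols.pop()
    return f"{cols[0]:<18} " + " ".join(cols[1:])


def split_logged_dnat(rule, accept_log=None):
    """Rewrite 'DNAT:<log> ...' as 'DNAT- ...' plus 'ACCEPT:<log> ...'.

    Returns a list of rule lines. Anything that is not a logged DNAT rule
    in the assumed 5-to-7-column layout is returned unchanged.
    """
    cols = rule.split()
    if not cols or not 5 <= len(cols) <= 7:
        return [rule]
    action, _, log = cols[0].partition(":")
    if action != "DNAT" or not log:
        return [rule]                      # comment, other action, or no logging
    cols += ["-"] * (7 - len(cols))        # pad SPORT / ORIGDEST
    source, dest, proto, dport, sport, origdest = cols[1:7]

    # DEST is zone:server[:port], e.g. loc:192.168.0.4:22
    zone, _, rest = dest.partition(":")
    server, _, server_port = rest.partition(":")
    if not server:
        return [rule]

    # NAT rule: same columns, no log level on the action.
    nat = ["DNAT-", source, dest, proto, dport, sport, origdest]
    # Filter rule: matches the packet after translation, so DEST carries no
    # port and DPORT is the server port (or the original port if unmapped).
    flt = ["ACCEPT:" + (accept_log or log), source, f"{zone}:{server}",
           proto, server_port or dport, sport, origdest]
    return [_fmt(nat), _fmt(flt)]


if __name__ == "__main__":
    samples = [
        # Rule from the thread.
        "DNAT:NFLOG(xxx)    net loc:192.168.0.4:22    tcp 1022 -    70.90.191.124",
        # Constructed sample: no port mapping, no ORIGDEST.
        "DNAT:info net loc:10.0.0.5 tcp 443",
    ]
    for s in samples:
        print("\n".join(split_logged_dnat(s)), end="\n\n")
```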

