On Wed, Aug 21, 2019 at 10:49:33AM -0600, Richard B. Pyne wrote:
> What I want to do is to redirect incoming traffic from all interfaces for
> 166.70.103.226:8080 to 166.70.169.36:80
> 
> Both addresses are in my DMZ

Are they on the same interface and do you have "routeback" enabled?

> shorewall show nat shows
> 
> Chain net_dnat (1 references)
>  pkts bytes target     prot opt in     out source               destination
>     5   200 DNAT       tcp  --  *      * 0.0.0.0/0           

It shows packets hitting the rule...

> all attempts to browse to 166.70.103.226:8080 time out.

Are there any logs, and can you enable logging on the DNAT rule?

Did/Can you tcpdump the interface the packets should be going out of?

Do you need a MASQ rule for that interface so the source address is that of the
firewall, rather than the original IP?

Justin


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
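
The three settings the reply above asks about (routeback, a log level on the DNAT rule, and source NAT on the outgoing interface), shown as an added Shorewall configuration sketch that is not part of the original message. The interface name `eth2`, the zone names `net` and `dmz`, and the `<...>` placeholders are assumptions, since the thread does not give them.

```conf
# Added example. eth2, the zone names and every <...> value are assumptions.

# /etc/shorewall/interfaces
# routeback lets traffic leave by the same interface it arrived on.
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
dmz     eth2        routeback

# /etc/shorewall/rules
# The same redirect with a log level (:info), so each hit is written to the kernel log.
#ACTION      SOURCE   DEST                    PROTO   DPORT   SPORT   ORIGDEST
DNAT:info    net      dmz:166.70.169.36:80    tcp     8080    -       166.70.103.226

# /etc/shorewall/snat   (Shorewall 5.0.14 and later; older releases use the masq file)
# Rewrite the source to the firewall's own DMZ address so the server's replies
# come back through the firewall instead of going straight to the client.
#ACTION               SOURCE       DEST                  PROTO   PORT
SNAT(<FW_DMZ_IP>)     <SRC_NET>    eth2:166.70.169.36    tcp     80
```

With the SNAT rule in place the web server logs the firewall's address rather than the client's, so the `DNAT:info` log entries become the record of who connected. Running `shorewall check` before applying the change catches syntax errors in these files.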
