On 8/21/19 10:32 AM, Justin Pryzby wrote:
> On Wed, Aug 21, 2019 at 10:49:33AM -0600, Richard B. Pyne wrote:
>> What I want to do is to redirect incoming traffic from all interfaces for
>> 166.70.103.226:8080 to 166.70.169.36:80
>>
>> Both addresses are in my DMZ
>
> Are they on the same interface and do you have "routeback" enabled ?
>
>> shorewall show nat shows
>>
>> Chain net_dnat (1 references)
>> pkts bytes target prot opt in out source destination
>> 5 200 DNAT tcp -- * * 0.0.0.0/0
>
> It shows packets hitting the rule...
>
>> all attempts to browse to 166.70.103.226:8080 time out.
>
> Are there any logs, and can you enable logging on the DNAT rule ?
>
> Did/Can you tcpdump the interface the packets should be going out of ?
>
> Do you need a MASQ rule for that interface so the source address is that of
> the firewall, rather than the original ip ?
>
Also, Shorewall FAQs 1a and 1b give detailed DNAT debugging information.

-Tom
--
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \  A: Someone who makes you an offer you can't
http://shorewall.org \    understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users