-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2/26/20 2:45 PM, Naveen Neelakanta wrote: > Hi All, > > I am trying to send FTP traffic when both SNAT and DNAT rules are > created, however, I don't see the traffic on tcpdump and no > connection tracking entry is also getting created. > > SNAT rule 4 240 SNAT all -- any eth3 192.168.1.10 > anywhere policy match dir out pol none to:50.50.50.50 > > DNAT rule 4 240 DNAT all -- veth-e3-p any anywhere > 40.40.40.40 policy match dir in pol none to:192.169.1.2 > > I see ftp helper counters are incremented > > 4 240 CT tcp -- veth-e3-p any anywhere anywhere > tcp dpt:ftp CT helper ftp zone 4 > > I am not seeing the connection tracking entry getting created for > this flow, but if I delete one of the NAT rules then I see > connection tracking entry. >
Naveen, First, please stop sending your support requests to me directly -- While I still putter around with Shorewall, I am retired from the project. Second, you have extracted three entries out of a ruleset and have said "they don't work". And you didn't use the '-n' and '-v' options to 'iptables -L' so we can't even see the entire rules. Please follow the instructions at https://shorewall.org/support.htm#Guidelines when submitting a problem report and we will try to help you. But you are using conntrack zones which Shorewall doesn't support (other than the default zone), so we may be of only limited help in trying to solve your problem. - -Tom - -- Tom Eastep \ Q: What do you get when you cross a mobster Shoreline, \ with an international standard? Washington, USA \ A: Someone who makes you an offer you http://shorewall.org \ can't understand \________________________________________ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIzBAEBCgAdFiEEFNMNR63CLO6yqbL8luaz8kI6TRAFAl5W/AEACgkQluaz8kI6 TRA1phAAwbVW/vqSIa52RwuUdPk+mdxDwG1TshXYZN5/D4ixgz1riuYeAqDQa4A2 PUP7fux3vkTQoempLnzJzhovswtTFMUQDlhwgvc/gvkgPw6a7HN5R96sIZu2180N G+fCMwIkd3pmz1yV+QLBuadHi35e8oo4ltCfjKTRj7BxDo1S2QGW+4rSnmJQQyFe /KOZnJsir1LQto8tSNOYEXiT/sFlWd0BISJChIPanxmCi0I63Y2cTFLOQL/cfegu z/0y5PPhmR5dKGqepCEq+5FSniRvy8fsSr/AiOHyFRXymClYMKdzRf4Zl8qbZdd2 /tddD/I57YVI2lDj9whtjBxFrMZDlzGO2lH4KIJlPBF89dPlEIQ1FLSjb5t7ocQn /KsMnQqfWEA+C3IUo6mx0A6HYtmTk0TgejcgQiIukfBH3/t/f8e8wgDtiyHL0hG2 jJwKLq24cmE57TTGdvcVua16F6UIabhbRsBIAk1jbEQM8ApH0jtlyyBfXvkPQAVm lZ5T23GpYW1FzcIpjTw1bnC72RUD+Kegt5aP7whrldf5yKLFN3FIJz2PPgUJvV0d 1VrEdwoxwVsRumSB/6wfNBg8HpeTgvwNxfzgEzAq5skzvfZ9J8SBFyGhLnMsvbAr 5+QZ+sDBbu9LjcGyWlCvV9Ng6+2IenbUD3cmSq6C2msSOxQd9xc= =/6ME -----END PGP SIGNATURE----- _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
