Hi Matt,

local (cameras) zone is 10.2.20.1 and net zone is 10.2.1.106.

If I do shorewall clear, dnat can't work.

I didn't try to access http/https during that snip.




‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, August 5, 2020 9:01 AM, Matt Darfeuille <m...@shorewall.org> wrote:

> On 8/5/2020 5:03 PM, colony.three--- via Shorewall-users wrote:
>
> > I have struggled for days to make this work but admit I am soundly defeated.
> > My goal is to dnat two cameras through an Odroid N2+. But I can't even get 
> > a basic ACCEPT to work on ports 80 or 443. I can't understand what is 
> > wrong. Dump is attached. Sure hope the boss is still around.
> > [Tue Jan 30 17:39:29 2018] net-fw DROP IN=eth0 OUT= 
> > MAC=00:1e:06:42:5b:57:fc:aa:14:71:ef:47:08:00 SRC=10.2.1.4 DST=10.2.1.106 
> > LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=8197 DF PROTO=TCP SPT=28086 DPT=51554 
> > WINDOW=29200 RES=0x00 SYN URGP=0
> > [Tue Jan 30 17:39:30 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:dc:9f:db:1a:a0:1a:08:00 SRC=10.2.20.31 DST=10.2.20.1 
> > LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=10986 DF PROTO=UDP SPT=53625 DPT=53 
> > LEN=45
> > [Tue Jan 30 17:39:30 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:dc:9f:db:1a:a0:1a:08:00 SRC=10.2.20.31 DST=10.2.20.1 
> > LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=10987 DF PROTO=UDP SPT=57493 DPT=53 
> > LEN=45
> > [Tue Jan 30 17:39:30 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:dc:9f:db:1a:a0:1a:08:00 SRC=10.2.20.31 DST=10.2.20.1 
> > LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=10988 DF PROTO=UDP SPT=40352 DPT=53 
> > LEN=45
> > [Tue Jan 30 17:39:31 2018] net-fw DROP IN=eth0 OUT= 
> > MAC=00:1e:06:42:5b:57:fc:aa:14:71:ef:47:08:00 SRC=10.2.1.4 DST=10.2.1.106 
> > LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=10546 DF PROTO=TCP SPT=28190 DPT=51554 
> > WINDOW=29200 RES=0x00 SYN URGP=0
> > [Tue Jan 30 17:39:32 2018] net-fw DROP IN=eth0 OUT= 
> > MAC=00:1e:06:42:5b:57:fc:aa:14:71:ef:47:08:00 SRC=10.2.1.4 DST=10.2.1.106 
> > LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=10547 DF PROTO=TCP SPT=28190 DPT=51554 
> > WINDOW=29200 RES=0x00 SYN URGP=0
> > [Tue Jan 30 17:39:32 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 
> > LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44808 DF PROTO=UDP SPT=48844 DPT=53 
> > LEN=52
> > [Tue Jan 30 17:39:32 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 
> > LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44809 DF PROTO=UDP SPT=60419 DPT=53 
> > LEN=52
> > [Tue Jan 30 17:39:32 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 
> > LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44810 DF PROTO=UDP SPT=45791 DPT=53 
> > LEN=52
> > [Tue Jan 30 17:39:32 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 
> > LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44811 DF PROTO=UDP SPT=32787 DPT=53 
> > LEN=52
> > [Tue Jan 30 17:39:34 2018] net-fw DROP IN=eth0 OUT= 
> > MAC=01:00:5e:00:00:01:00:eb:d5:61:fb:60:08:00 SRC=0.0.0.0 DST=224.0.0.1 
> > LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
> > [Tue Jan 30 17:39:34 2018] net-fw DROP IN=eth0 OUT= 
> > MAC=01:00:5e:00:00:01:00:eb:d5:61:fb:60:08:00 SRC=0.0.0.0 DST=224.0.0.1 
> > LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
> > [Tue Jan 30 17:39:34 2018] net-fw DROP IN=eth0 OUT= 
> > MAC=00:1e:06:42:5b:57:fc:aa:14:71:ef:47:08:00 SRC=10.2.1.4 DST=10.2.1.106 
> > LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=10548 DF PROTO=TCP SPT=28190 DPT=51554 
> > WINDOW=29200 RES=0x00 SYN URGP=0
> > [Tue Jan 30 17:39:38 2018] net-fw DROP IN=eth0 OUT= 
> > MAC=00:1e:06:42:5b:57:fc:aa:14:71:ef:47:08:00 SRC=10.2.1.4 DST=10.2.1.106 
> > LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=10549 DF PROTO=TCP SPT=28190 DPT=51554 
> > WINDOW=29200 RES=0x00 SYN URGP=0
> > [Tue Jan 30 17:39:39 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 
> > LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44884 DF PROTO=UDP SPT=56118 DPT=53 
> > LEN=52
> > [Tue Jan 30 17:39:39 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 
> > LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44885 DF PROTO=UDP SPT=47795 DPT=53 
> > LEN=52
> > [Tue Jan 30 17:39:39 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 
> > LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44886 DF PROTO=UDP SPT=60806 DPT=53 
> > LEN=52
> > [Tue Jan 30 17:39:39 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 
> > LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=44887 DF PROTO=UDP SPT=53807 DPT=53 
> > LEN=52
> > [Tue Jan 30 17:39:45 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:dc:9f:db:1a:a0:1a:08:00 SRC=10.2.20.31 DST=10.2.20.1 
> > LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=25988 DF PROTO=UDP SPT=60181 DPT=53 
> > LEN=45
> > [Tue Jan 30 17:39:45 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:dc:9f:db:1a:a0:1a:08:00 SRC=10.2.20.31 DST=10.2.20.1 
> > LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=25989 DF PROTO=UDP SPT=51672 DPT=53 
> > LEN=45
> > [Tue Jan 30 17:39:45 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:dc:9f:db:1a:a0:1a:08:00 SRC=10.2.20.31 DST=10.2.20.1 
> > LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=25990 DF PROTO=UDP SPT=54680 DPT=53 
> > LEN=45
> > [Tue Jan 30 17:39:46 2018] net-fw DROP IN=eth0 OUT= 
> > MAC=00:1e:06:42:5b:57:fc:aa:14:71:ef:47:08:00 SRC=10.2.1.4 DST=10.2.1.106 
> > LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=10550 DF PROTO=TCP SPT=28190 DPT=51554 
> > WINDOW=29200 RES=0x00 SYN URGP=0
> > [Tue Jan 30 17:39:49 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 
> > LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=45506 DF PROTO=UDP SPT=38509 DPT=53 
> > LEN=52
> > [Tue Jan 30 17:39:49 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 
> > LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=45507 DF PROTO=UDP SPT=35424 DPT=53 
> > LEN=52
> > [Tue Jan 30 17:39:49 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 
> > LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=45508 DF PROTO=UDP SPT=38172 DPT=53 
> > LEN=52
> > [Tue Jan 30 17:39:49 2018] local-fw REJECT IN=eth1 OUT= 
> > MAC=00:e0:4c:68:00:9e:00:1f:54:45:be:07:08:00 SRC=10.2.20.51 DST=10.2.20.1 
> > LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=45509 DF PROTO=UDP SPT=60454 DPT=53 
> > LEN=52
>
> What are the IPs in question and the zones in question?
>
> Is it working if you do 'shorewall clear'?
>
> In your log I don't see http/https being listed.
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Matt Darfeuille m...@shorewall.org
> Shorewall Project Committee, one of four core members
> https://sourceforge.net/p/shorewall/mailman/message/36596609/
> https://shorewall.org
>
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
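
Whether any http/https traffic shows up in a log like the one quoted above can be checked mechanically. The following is an added example, not part of the original thread or of Shorewall: it strips the mail quoting, rejoins wrapped entries, and tallies them by chain, disposition, protocol and destination port. The sample entries are constructed (abbreviated) in the shape of those quoted above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Entry shape as in the log above: "[timestamp] <chain> <disposition> KEY=VAL ..."
ENTRY_RE = re.compile(r"^\[[^\]]+\]\s+(\S+)\s+(DROP|REJECT|ACCEPT)\s+(.*)$")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
QUOTE_RE = re.compile(r"^(?:>\s?)+")

def unwrap(text):
    """Strip mail quote markers and rejoin entries the mail client wrapped."""
    entries = []
    for raw in text.splitlines():
        line = QUOTE_RE.sub("", raw).strip()
        if line.startswith("["):
            entries.append(line)          # a timestamp starts a new entry
        elif line and entries:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def parse(entry):
    """Return (chain, action, proto, dport), or None if the line does not match."""
    m = ENTRY_RE.match(entry)
    if not m:
        return None
    chain, action, rest = m.groups()
    f = dict(FIELD_RE.findall(rest))  # a repeated key (the UDP LEN) overwrites the earlier one
    dport = int(f["DPT"]) if f.get("DPT", "").isdigit() else None
    return chain, action, f.get("PROTO"), dport

def summarize(text, wanted=(80, 443)):
    """Tally entries and report whether any targets a wanted TCP port."""
    tally = Counter(filter(None, map(parse, unwrap(text))))
    hit = any(p == "TCP" and d in wanted for (_, _, p, d) in tally)
    return tally, hit

# Constructed sample: three abbreviated entries shaped like those quoted above,
# still mail-quoted and wrapped.
SAMPLE = """\
> > [Tue Jan 30 17:39:29 2018] net-fw DROP IN=eth0 OUT= SRC=10.2.1.4 DST=10.2.1.106
> > LEN=48 TTL=64 DF PROTO=TCP SPT=28086 DPT=51554 WINDOW=29200 SYN URGP=0
> > [Tue Jan 30 17:39:30 2018] local-fw REJECT IN=eth1 OUT= SRC=10.2.20.31 DST=10.2.20.1
> > LEN=65 TTL=64 DF PROTO=UDP SPT=53625 DPT=53 LEN=45
> > [Tue Jan 30 17:39:34 2018] net-fw DROP IN=eth0 OUT= SRC=0.0.0.0 DST=224.0.0.1
> > LEN=32 TTL=1 ID=0 DF PROTO=2
"""

if __name__ == "__main__":
    counts, saw_web = summarize(SAMPLE)
    print(counts.most_common(), "TCP 80/443 seen:", saw_web)
```
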



