HAZZAH, like magic the Master does it again! This is regular Shorewall, compiling rules in its own machine, all in /etc/shorewall.
BUT, AUTOMAKE=Yes. As soon as I set it to No, everything started TWERKING! Thank you again Tom. I never would have found this in a million years. For others, beware: Automake=Yes is the default. Might should be No if you consider port-forwarding. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, August 5, 2020 10:18 AM, Tom Eastep <teas...@shorewall.net> wrote: > On 8/5/20 9:30 AM, colony.three--- via Shorewall-users wrote: > > > Thank you Tom, but actually there is a DNS ACCEPT rule. > > I didn't make this clear enough but I am trying to dnat from net to local, > > for example incoming port 51554 to local 10.2.20.51:554 . Here are my rules: > > > > Cameras > > > > ======== > > > > ACCEPT net:10.2.1.4 $FW tcp 50554 - > > DNAT net local:10.2.20.50:554 tcp 50554 - > > ACCEPT net $FW tcp 51554 - > > DNAT net local:10.2.20.51:554 tcp 51554 - > > ACCEPT net:10.2.1.4 $FW udp 50554 - > > DNAT net local:10.2.20.50:554 udp 50554 - > > ACCEPT net:10.2.1.4 $FW udp 51554 - > > DNAT net local:10.2.20.51:554 udp 51554 - > > ACCEPT net:10.2.1.4 $FW tcp 50443 - > > DNAT net local:10.2.20.50:443 tcp 50443 - > > ACCEPT local $FW udp domain,ntp - > > ACCEPT net $FW tcp 51443 - > > DNAT net local:10.2.20.51:443 tcp 51443 - > > ACCEPT net $FW tcp 5180 - > > DNAT net local:10.2.20.51:80 tcp 5180 - > > Again, is this a Shorewall-lite system, or are you compiling on the box > itself? If on the box itself and you are including these rules from a > directory other than /etc/shorewall/, beware of your AUTOMAKE setting. > If the directory is a subdirectory of /etc/shorewall, then you need > AUTOMAKE=no, AUTOMAKE=recursive or AUTOMAKE=n where n >= 2. If the > > directory is not a sub-directory of /etc/shorewall, then you must set > AUTOMAKE=no or you must add that directory to CONFIG_PATH. > > -Tom > > --------------------------------------------------------------------------------------------------------------------------------------- > > Tom Eastep \ Q: What do you get when you cross a mobster > Shoreline, \ with an international standard? > Washington, USA \ A: Someone who makes you an offer you > http://shorewall.org \ can't understand > \________________________________________ > > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
