On Thu, Dec 02, 2021 at 07:09:04PM +0100, shacky wrote:
> Hi,
> I'm trying to set up a DNAT which forwards requests originally directed to
> 127.0.0.1:8404 to 10.1.3.253:8404.
> /etc/shorewall/interfaces:
> ###############################################################################
> #ZONE INTERFACE OPTIONS
> lan ens18
> tcpflags,logmartians,nosmurfs,sourceroute=0,physical=ens18
> /etc/shorewall/rules:
> DNAT $FW:127.0.0.1 lan:10.1.3.253:8404 tcp 8404
>
> root@log:/etc/shorewall# telnet 127.0.0.1 8404

I think you need a snat (previously snat) rule to use the lan address on the
packet going out ens18.

https://shorewall.org/manpages/shorewall-snat.html
https://shorewall.org/two-interface.htm#SNAT

I suggest making the DNAT rule log its matching packets. You could check
and/or further diagnose the problem by checking logs and by running

tcpdump -i any 'port 8404'

-- 
Justin