On 07/04/2023 at 09:33, Olivier Sannier wrote:
So I tried this rule:
DNAT:INFO:mqtt loc $FW:127.0.0.1:1883 tcp 1883 - &enp4s0
And it gives me the "martian sources" error that I already mentioned.
Well, as it turns out, this is because I'm targeting a local IP address
and the kernel considers 127/8 as a martian by default.
Setting net.ipv4.conf.all.route_localnet to 1 with sysctl allows local
routing and then this rule works just fine.
I could not find a setting for this in shorewall.conf, but it's easy
enough to have it applied at every boot, so I'm fine.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
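
Added example, not part of the original message: a shell check that lists the interfaces on which route_localnet is actually in effect. It relies on the kernel OR-ing conf/all with the per-interface value, so enabling it under "all" as in the message turns 127/8 routing on for every interface, while enabling it only under conf/<iface> limits it to packets arriving on that interface. The directory trees and the interface name enp5s0 are constructed sample data.

```shell
#!/bin/sh
# Added example: report where route_localnet (127/8 not treated as martian)
# is in effect. The kernel ORs conf/all with conf/<iface>, so all=1
# enables it on every interface; conf/<iface>=1 enables it on that one only.

# effective_localnet ROOT -> one interface name per line where it is in effect
effective_localnet() {
    root=$1
    all=$(cat "$root/all/route_localnet" 2>/dev/null || echo 0)
    for f in "$root"/*/route_localnet; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        # "all" and "default" are templates, not real interfaces
        case $iface in all|default) continue ;; esac
        val=$(cat "$f")
        if [ "$all" = 1 ] || [ "$val" = 1 ]; then
            echo "$iface"
        fi
    done
}

# make_tree DIR NAME=VALUE ... -> constructed stand-in for
# /proc/sys/net/ipv4/conf, so the check can be run offline
make_tree() {
    dir=$1; shift
    for kv in "$@"; do
        mkdir -p "$dir/${kv%%=*}"
        echo "${kv#*=}" > "$dir/${kv%%=*}/route_localnet"
    done
}

# Demo on constructed data: per-interface setting vs. the global one.
demo=$(mktemp -d)
make_tree "$demo/scoped" all=0 default=0 lo=0 enp4s0=1 enp5s0=0
make_tree "$demo/global" all=1 default=0 lo=0 enp4s0=0 enp5s0=0
echo "scoped: $(effective_localnet "$demo/scoped" | tr '\n' ' ')"
echo "global: $(effective_localnet "$demo/global" | tr '\n' ' ')"
rm -rf "$demo"
# On a live host: effective_localnet /proc/sys/net/ipv4/conf
```

Any interface the check reports will accept routed packets whose destination is in 127/8, so services bound only to loopback need their own filtering on those interfaces.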