On Wed, Oct 09, 2024 at 04:54:52PM +0200, Peter Andersson wrote:
> Thanks for helping out!
> The tcpdump command shows that the gw/server (10.10.10.20) connects to the
> webserver when I'm connecting via port 80:
>
> 15:30:07.801326 IP 10.10.10.20.60822 > 10.10.10.90.80: Flags [.], ack 2,
> win 2058, options [nop,nop,TS val 838783045 ecr 1816721615], length 0
>
> But when I'm connecting via port 443 then it tries to connect directly:
>
> 15:30:24.221936 IP 10.10.10.238.60823 > 10.10.10.90.443: Flags [S], seq
> 3132427274, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val
> 2777840162 ecr 0,sackOK,eol], length 0

This shows that it's connecting with the client's IP. But it's possible that
it's hitting the gateway and being forwarded, but without hitting a NAT rule.
Check which rule is being hit.

On 2024-10-09 14:45, Justin Pryzby wrote:
> > You should probably add logging to be sure the rules are hit as you
> > expect:
> >
> > DNAT:info:http [...]
> > DNAT:info:https [...]
^^

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
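
The comparison made in the reply above, as an added example that is not part of the original thread: a small Python parser run over the two tcpdump lines quoted in the message, grouping by destination port the source address that reaches the web server. The function names and labels are assumptions; a client source address alone cannot distinguish a direct connection from one forwarded by the gateway without NAT, which is why the rule logging is suggested.

```python
import re
from collections import defaultdict

# Matches tcpdump's one-line IPv4/TCP text output:
#   <time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ...
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def parse_line(line):
    """Return a dict of fields for an IPv4/TCP line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    pkt = m.groupdict()
    pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
    return pkt

def sources_by_port(lines, server, gateway, client):
    """Map each destination port on `server` to the kinds of source address seen."""
    seen = defaultdict(set)
    for line in lines:
        pkt = parse_line(line)
        if pkt is None or pkt["dst"] != server:
            continue  # not TCP over IPv4, or not addressed to the web server
        if pkt["src"] == gateway:
            label = "via-gateway"    # source rewritten or proxied by the gateway
        elif pkt["src"] == client:
            label = "client-source"  # direct, or forwarded without a NAT rule
        else:
            label = "other"
        seen[pkt["dport"]].add(label)
    return dict(seen)

# First two lines are the captures quoted in the thread (unwrapped);
# the ARP line is constructed to show that non-TCP lines are skipped.
SAMPLE = [
    "15:30:07.801326 IP 10.10.10.20.60822 > 10.10.10.90.80: Flags [.], ack 2, "
    "win 2058, options [nop,nop,TS val 838783045 ecr 1816721615], length 0",
    "15:30:24.221936 IP 10.10.10.238.60823 > 10.10.10.90.443: Flags [S], seq "
    "3132427274, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val "
    "2777840162 ecr 0,sackOK,eol], length 0",
    "15:30:25.000000 ARP, Request who-has 10.10.10.90 tell 10.10.10.20, length 28",
]

if __name__ == "__main__":
    print(sources_by_port(SAMPLE, "10.10.10.90", "10.10.10.20", "10.10.10.238"))
```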