Discussion:
[Shorewall-users] DNAT Not Working; Attempts Not Logged
g***@dir.bg
2006-12-11 12:12:12 UTC
System: Tinysofa 2 (Odin)
Shorewall ver. 3.2.5
interfaces:
net eth0 192.168.111.2 mask 255.255.255.252 gw 192.168.111.1
loc eth1 192.168.0.11 mask 255.255.255.0

Trying to forward HTTP connections from 192.168.111.1 (net) on eth0
(net) to local address 192.168.0.9 (a web server) - attempts not even
logged (using debug setting for logging all new connections), while SSH
connections are logged (successful or not).

rule from /etc/shorewall/rules:

DNAT net loc:192.168.0.9 tcp http

(tried 'DNAT net loc:192.168.0.9 tcp 80' - doesn't work
either).

Please help.

Joro
Fábio Rabelo
2006-12-11 12:14:10 UTC
What distribution?
Did you set ip forward = on in the kernel?

Fábio Rabelo
Post by g***@dir.bg
System: Tinysofa 2 (Odin)
Shorewall ver. 3.2.5
net eth0 192.168.111.2 mask 255.255.255.252 gw 192.168.111.1
loc eth1 192.168.0.11 mask 255.255.255.0
trying to forward HTTP connections from 192.168.111.1 (net) on eth0
(net) to local address 192.168.0.9 (a web server) - attempts not even
logged (using debug setting for logging all new connections), while SSH
connections are logged (successful or not).
DNAT net loc:192.168.0.9 tcp http
(tried 'DNAT net loc:192.168.0.9 tcp 80' - doesn't work
either).
g***@dir.bg
2006-12-11 12:29:06 UTC
Distro = tinysofa 2 (kernel 2.6.9)

ip forward = on

Joro

On Mon, 11 Dec 2006 10:14:10 -0200
Post by Fábio Rabelo
What distribution ?
Did you set ip forward = on in the kernel ??
Fábio Rabelo
Post by g***@dir.bg
System: Tinysofa 2 (Odin)
Shorewall ver. 3.2.5
net eth0 192.168.111.2 mask 255.255.255.252 gw 192.168.111.1
loc eth1 192.168.0.11 mask 255.255.255.0
trying to forward HTTP connections from 192.168.111.1 (net) on eth0
(net) to local address 192.168.0.9 (a web server) - attempts not even
logged (using debug setting for logging all new connections), while SSH
connections are logged (successful or not).
DNAT net loc:192.168.0.9 tcp http
(tried 'DNAT net loc:192.168.0.9 tcp 80' - doesn't work
either).
Kiss Gábor
2006-12-11 12:29:59 UTC
Post by g***@dir.bg
DNAT net loc:192.168.0.9 tcp http
try this:

DNAT net loc:192.168.0.9:80 tcp 80

Gabor Kiss
g***@dir.bg
2006-12-11 13:05:52 UTC
Tried, didn't help :( Didn't even log my connection attempts. Of course
shorewall restarted.

On Mon, 11 Dec 2006 13:29:59 +0100
Post by Kiss Gábor
Post by g***@dir.bg
DNAT net loc:192.168.0.9 tcp http
DNAT net loc:192.168.0.9:80 tcp 80
Gabor Kiss
Tom Eastep
2006-12-11 12:55:53 UTC
Post by g***@dir.bg
System: Tinysofa 2 (Odin)
Shorewall ver. 3.2.5
net eth0 192.168.111.2 mask 255.255.255.252 gw 192.168.111.1
loc eth1 192.168.0.11 mask 255.255.255.0
trying to forward HTTP connections from 192.168.111.1 (net) on eth0
(net) to local address 192.168.0.9 (a web server) - attempts not even
logged (using debug setting for logging all new connections), while SSH
connections are logged (successful or not).
DNAT net loc:192.168.0.9 tcp http
(tried 'DNAT net loc:192.168.0.9 tcp 80' - doesn't work
either).
Please help.

Your first rule is correct (and is equivalent to your second rule).

Please follow the DNAT troubleshooting steps outlined in Shorewall FAQs
1a and 1b.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ ***@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
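
One way to narrow down a DNAT rule whose connection attempts never show up in the log is to read that rule's packet counter in the netfilter nat table after a test connection. The script below is an added example, not part of the thread or of Shorewall; the chain name net_dnat, the function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -L net_dnat -n -v -x` taken after one
# failed test. The chain name net_dnat is an assumption about where the
# compiled rule lands; the addresses are the ones given in the thread.
sample_listing() {
cat <<'EOF'
Chain net_dnat (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:192.168.0.9
EOF
}

# dnat_pkts SERVER PORT < listing
# Prints the summed packet count of DNAT rules for PORT that rewrite to SERVER
# (with or without an explicit :port), or "none" when no such rule is listed.
dnat_pkts() {
    awk -v to="to:$1" -v dpt="dpt:$2" '
        $3 == "DNAT" {
            p = 0; t = 0
            for (i = 4; i <= NF; i++) {
                if ($i == dpt) p = 1
                if ($i == to || index($i, to ":") == 1) t = 1
            }
            if (p && t) { found = 1; sum += $1 }
        }
        END { if (found) print sum + 0; else print "none" }
    '
}

# diagnose SERVER PORT < listing
# Maps the counter to the part of the path that needs a closer look.
diagnose() {
    n=$(dnat_pkts "$1" "$2")
    case "$n" in
        none) echo "no-rule" ;;       # rule is not present in the nat table
        0)    echo "not-arriving" ;;  # requests never matched the rule on this box
        *)    echo "redirected" ;;    # rewritten; check the server and its return route
    esac
}

sample_listing | diagnose 192.168.0.9 80
```

On a live firewall, pipe the output of `iptables -t nat -L -n -v -x` into `diagnose` right after a test connection; `-x` keeps the counters as exact numbers.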