Hello! Sorry for my late answer. Now I figured it out! Thanks Michael, after running "fwknopd --fw-list" I got list like this:
<clip> Chain FWKNOP_INPUT (1 references) num target prot opt source destination Chain FWKNOP_FORWARD (1 references) num target prot opt source destination 1 ACCEPT tcp -- 192.168.171.1 10.11.12.5 tcp dpt:22 /* _exp_1281427915 */ Chain FWKNOP_PREROUTING (1 references) num target prot opt source destination 1 DNAT tcp -- 192.168.171.1 0.0.0.0/0 tcp dpt:22 /* _exp_1281427915 */ to:10.11.12.5:22 Chain FWKNOP_POSTROUTING (1 references) num target prot opt source destination 1 SNAT tcp -- 0.0.0.0/0 10.11.12.5 tcp dpt:22 /* _exp_1281427915 */ to:10.11.12.1:22 <clip> ...and it looks like what I am trying to do all this time, BUT I never wanted NAT for connection(s) so I removed lines: ENABLE_IPT_SNAT Y; SNAT_TRANSLATE_IP 10.11.12.1; from /etc/fwknop/fwknopd.conf and no more NAT happening! Thank you very much. Best Regards, Matti On Sat, Aug 7, 2010 at 4:33 PM, Michael Rash <[email protected]> wrote: > > If you use the NAT support in fwknop, send and SPA packet, and then on > the firewall do "fwknopd --fw-list", you should see a rule that is very > close to what you have above. What is the output of the above command > after you send the SPA packet? > > --Mike > >
------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________ Fwknop-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
