Re: [Shorewall-users] DNAT Not Working

2017-11-20 Thread Tom Eastep
On 11/20/2017 11:30 AM, Colony.three via Shorewall-users wrote: >>> If necessary, can I somehow enter it here as a system variable? >> >> >> You can use >> >> -Tom > > Holy cow, this saves all kinds of scripted checks and saves! > > Thanks for all your help Tom. > You're most welcome.

Re: [Shorewall-users] DNAT Not Working

2017-11-20 Thread Colony.three via Shorewall-users
>> If necessary, can I somehow enter it here as a system variable? >> You can use >> >> -Tom Holy cow, this saves all kinds of scripted checks and saves! Thanks for all your help Tom.-- Check out the vibrant tech

Re: [Shorewall-users] DNAT Not Working

2017-11-20 Thread Tom Eastep
On 11/20/2017 10:40 AM, Colony.three via Shorewall-users wrote: > > By the mighty Hammer Of Thor, it works.  I don't understand why my > remote curl or nc attempts didn't work. > > When using:  Web(DNAT)    loc   dmz   -     - -   50.35.109.212 > ... is that last 50.35.109.212

Re: [Shorewall-users] DNAT Not Working

2017-11-20 Thread Colony.three via Shorewall-users
> On 11/20/2017 09:27 AM, Colony.three via Shorewall-users wrote: > >>> Are you sure this isn't working. I can connect to the firewall's >>> external IP on port 80 and I get the Quantum Equities web site. >>> >>> -Tom >>> >>> ___ >> >> Hm, that's odd.

Re: [Shorewall-users] DNAT Not Working

2017-11-20 Thread Tom Eastep
On 11/20/2017 09:27 AM, Colony.three via Shorewall-users wrote: > >> Are you sure this isn't working. I can connect to the firewall's >> external IP on port 80 and I get the Quantum Equities web site. >> >> -Tom >> >> >> ___ >> > > Hm,

Re: [Shorewall-users] DNAT Not Working

2017-11-20 Thread Colony.three via Shorewall-users
> Are you sure this isn't working. I can connect to the firewall's > external IP on port 80 and I get the Quantum Equities web site. > > -Tom > > ___ Hm, that's odd. My remote OpenStack instance is CentOS Minimal so no GUI. I have to use curl to

Re: [Shorewall-users] DNAT Not Working

2017-11-20 Thread Tom Eastep
On 11/19/2017 01:01 PM, Colony.three via Shorewall-users wrote: > Hello, I can not get DNAT to work to save my life. > > All machines are CentOS7 KVM virtual machines, one the > internet-connected router, and the other in the DMZ. > > I've gone through the docs and there seem to be two methods

Re: [Shorewall-users] DNAT Not Working

2017-11-19 Thread Colony.three via Shorewall-users
I've set ACCEPT rules for net to $FW and net to dmz (not sure which applies) for http and https. Going through the FAQ here: http://shorewall.net/FAQ.htm#faq1a - I'm testing from a remote OpenStack VM (Internap) using: # curl -v http://50.35.109.212 * About to connect() to 50.35.109.212 port 80

Re: [Shorewall-users] DNAT Not Working

2017-11-19 Thread Les Niles
Do you have firewall rules to allow that traffic through? Pretty much every time I can’t get something like this to work it turns out to be because it’s blocked by the firewall. -Les > On 19 Nov 2017, at 13:01, Colony.three via Shorewall-users >

Re: [Shorewall-users] DNAT Not Working

2017-11-19 Thread Colony.three via Shorewall-users
> Do you have firewall rules to allow that traffic through? Pretty much every > time > I can’t get something like this to work it turns out to be because it’s > blocked by > the firewall. > -Les Sure. That's the purpose of the NAT command isn't it? Anyway, there are no error messages in

[Shorewall-users] DNAT Not Working

2017-11-19 Thread Colony.three via Shorewall-users
Hello, I can not get DNAT to work to save my life. All machines are CentOS7 KVM virtual machines, one the internet-connected router, and the other in the DMZ. I've gone through the docs and there seem to be two methods of port-forwarding, and neither works in the router: DNAT net

[Shorewall-users] DNAT not working

2013-03-19 Thread Donald S. Doyle
Hello, I have a DNAT rule to a Linux server and that is working great! I have another DNAT rule to a Server 2008 system and I am not getting through. Now what the heck am I doing wrong? Have a great day, Donald S. Doyle President G.E.M. Computer Consulting, LLC 317.250.4448

Re: [Shorewall-users] DNAT not working

2013-03-19 Thread Tom Eastep
On 03/19/2013 11:21 AM, Donald S. Doyle wrote: Hello, I have a DNAT rule to a Linux server and that is working great! I have another DNAT rule to a Server 2008 system and I am not getting through. Now what the heck am I doing wrong? Have you followed the DNAT troubleshooting

Re: [Shorewall-users] DNAT not working

2013-03-19 Thread Donald S. Doyle
...@shorewall.net] Sent: Tuesday, March 19, 2013 3:47 PM To: shorewall-users@lists.sourceforge.net Subject: Re: [Shorewall-users] DNAT not working On 03/19/2013 11:21 AM, Donald S. Doyle wrote: Hello, I have a DNAT rule to a Linux server and that is working great! I have another DNAT rule to a Server

Re: [Shorewall-users] DNAT not working

2010-03-07 Thread Tom Eastep
dennis wrote: Hi I am having a problem with a DNAT rule where the packets being REJECT'd: DNAT:info net priv:192.168.6.15 udp 5060 With the following appearing in the log: Mar 6 11:59:30 ipcop kernel: Shorewall:net2fw:REJECT:IN=eth3 OUT=

Re: [Shorewall-users] DNAT not working

2010-03-07 Thread dennis
Thanks for the help. I tried the command conntrack -F from the command line and it had no effect until I restarted shorewall too. I guess that was the part I was missing. So in general is this a race condition in iptables that will happend randomly from time to time? I am just trying to

Re: [Shorewall-users] DNAT not working

2010-03-07 Thread Tom Eastep
dennis wrote: So in general is this a race condition in iptables that will happend randomly from time to time? I am just trying to understand what is the root cause of this problem and if kernel or iptable upgrades will help solve the problem. I can't possibly answer that question -- you

Re: [Shorewall-users] DNAT Not Working; Attempts Not Logged

2006-12-11 Thread Fábio Rabelo
What distribution ? Did you set ip forward = on in the kernel ?? Fábio Rabelo [EMAIL PROTECTED] escreveu: System: Tinysofa 2 (Odin) Shorewall ver. 3.2.5 interfaces: neteth0192.168.111.2 mask 255.255.255.252 gw 192.168.111.1 loceth1192.168.0.11 mask 255.255.255.0

Re: [Shorewall-users] DNAT Not Working; Attempts Not Logged

2006-12-11 Thread g.yordanov
Distro = tinysofa 2 (kernel 2.6.9) ip forward = on Joro On Mon, 11 Dec 2006 10:14:10 -0200 Fábio Rabelo [EMAIL PROTECTED] wrote: What distribution ? Did you set ip forward = on in the kernel ?? Fábio Rabelo [EMAIL PROTECTED] escreveu: System: Tinysofa 2 (Odin) Shorewall

Re: [Shorewall-users] DNAT Not Working; Attempts Not Logged

2006-12-11 Thread Kiss Gábor
[EMAIL PROTECTED] írta: rule from /etc/shorewall/rules: DNAT net loc:192.168.0.9tcphttp try this: DNAT net loc:192.168.0.9:80tcp80 Gabor Kiss - Take Surveys. Earn Cash. Influence the

Re: [Shorewall-users] DNAT Not Working; Attempts Not Logged

2006-12-11 Thread Tom Eastep
[EMAIL PROTECTED] wrote: System: Tinysofa 2 (Odin) Shorewall ver. 3.2.5 interfaces: neteth0192.168.111.2 mask 255.255.255.252 gw 192.168.111.1 loceth1192.168.0.11 mask 255.255.255.0 trying to forward HTTP connections from 192.168.111.1 (net) on eth0 (net) to local address