On Jul 8, 2011, at 5:27 PM, Terre Porter wrote:

> The masquerade is working, the laptop and server1 can access the internet
> with no problems.
>
> But when I try to connect to the ftp (to the 10.10.1.10 ip) it doesn’t
> forward to server 1 (10.2.1.131). Tcpdump records nothing on the 131 server.
> No errors or denies from Shorewall on the fw.
>
> # forward ftp to ftp server
> #
> FTP/DNAT net loc:10.2.1.131
>
> # shorewall show nat
> Shorewall 4.4.20.3 NAT Table at slfw.foo.lan - Fri Jul 8 20:02:00 EDT 2011
>
> Counters reset Fri Jul 8 20:01:45 EDT 2011
>
> Chain dnat (1 references)
> pkts bytes target prot opt in out source destination
> 28 1861 net_dnat all -- eth1 * 0.0.0.0/0 0.0.0.0/0
>
> Chain net_dnat (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 /* FTP */ to:10.2.1.131

Have you followed the DNAT troubleshooting instructions in Shorewall FAQs 1a and 1b? If you had, you would know that no connection requests on TCP port 21 have entered your firewall through eth1. So I suggest that you review those two FAQs.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
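
The counter reading behind the reply above, as an added example that is not part of the original thread or of Shorewall: it parses the quoted `shorewall show nat` listing and reports DNAT rules whose packet counter is still zero. The function names are hypothetical and the column layout is assumed to be the nine-column verbose listing quoted in the message.

```python
import re

# Listing quoted in the thread above (the wrapped rule line is rejoined).
SAMPLE = """\
Shorewall 4.4.20.3 NAT Table at slfw.foo.lan - Fri Jul 8 20:02:00 EDT 2011
Counters reset Fri Jul 8 20:01:45 EDT 2011

Chain dnat (1 references)
pkts bytes target prot opt in out source destination
28 1861 net_dnat all -- eth1 * 0.0.0.0/0 0.0.0.0/0

Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 /* FTP */ to:10.2.1.131
"""

UNITS = {"K": 1000, "M": 1000**2, "G": 1000**3}

def count(tok):
    """Expand abbreviated counters such as 12K, as printed by iptables -v."""
    return int(tok[:-1]) * UNITS[tok[-1]] if tok[-1] in UNITS else int(tok)

def parse_rules(text):
    """Return one dict per rule line; banner and column-header lines are skipped."""
    rules, chain = [], None
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 2 and f[0] == "Chain":
            chain = f[1]
        elif chain and len(f) >= 9 and re.fullmatch(r"\d+[KMG]?", f[0]):
            extra = " ".join(f[9:])          # match options and NAT target
            dport = re.search(r"dpt:(\d+)", extra)
            to = re.search(r"\bto:(\S+)", extra)
            rules.append({"chain": chain, "pkts": count(f[0]),
                          "target": f[2], "proto": f[3], "in": f[5],
                          "dport": int(dport.group(1)) if dport else None,
                          "to": to.group(1) if to else None})
    return rules

def unhit_dnat(rules):
    """DNAT rules no packet has matched since the counters were reset."""
    return [r for r in rules if r["target"] == "DNAT" and r["pkts"] == 0]

def diagnose(text):
    # The nat table sees only the first packet of each connection, so a zero
    # here means no new connection matching the rule reached the firewall.
    return [f"{r['chain']}: {r['proto']} dpt:{r['dport']} -> {r['to']} matched 0 packets"
            for r in unhit_dnat(parse_rules(text))]

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE)) or "all DNAT rules have been hit")
```

On the quoted listing this reports the port 21 rule as unmatched, while the jump from `dnat` into `net_dnat` shows 28 packets arriving on eth1.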
