Hi, attached is my shorewall dump.when connecting from outside to my ip from 2nd isp (87.139.112.239) I see this in the log:
Sep 25 15:44:02 gate kernel: Shorewall:net_dnat:DNAT:IN=eth0.5 OUT= MAC=00:0e:0c:84:16:42:00:0b:3b:0e:7d:bb:08:00 SRC=134.100.58.143 DST=192.168.5.254 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=207 DF PROTO=TCP SPT=44706 DPT=1970 WINDOW=5840 RES=0x00 SYN URGP=0
my DNAT rule now:DNAT:info net:eth0.5 dmz:85.183.131.11 tcp 22,1970,54999:56000 - 192.168.5.254
the router for second isp (192.168.5.253) forwards port 1970 to my firewall 192.168.5.254. so im not sure if I shall use as orig destination the official IP or the one from my firewalls interface to the router...
Tom Eastep wrote:
Christophe Zwecker wrote:Hi,I got a dual ISP Setup and my 2nd ISP router is congigured to forward all traffic to my shorewal fw. Some of the ports shall be forwarded then from shorewall to a server in my dmz. The ports not being forwarded by the DNAT rule or seen to be rejected. The Ports which I try to forward to the Server dont work and I dont see an error.Please follow the DNAT debugging tips in Shorewall FAQs 1a and 1b.Here my files:If you don't find a solution, then please provide the information requested at http://www.shorewall.net/support.htm.
-- Christophe Zwecker mail: [EMAIL PROTECTED] Hamburg, Germany fon: +49 179 3994867 http://www.zwecker.de "Reality is that which, when you stop believing in it, doesn't go away"
shorewall.dump.gz
Description: GNU Zip compressed data
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
