On Friday 16 March 2007 10:01, Jon wrote:
> Ok, after spending the requisite hours swearing and bashing about, I
> give up.
>
> All I am trying to do are some (presumably) simple DNAT rules. I have a
> fairly typical two NIC setup.
>
> I have an admin zone, a net zone, a local zone, and a firewall. I want
> to do two things:
>
> 1. Port forward 443 and 80 (amongst other ports) to a local machine
> behind the firewall.
> 2. Redirect and port forward external port 2222 to port 22 on a local
> machine behind the firewall and leave port 22 accepted into the firewall
> itself. The port 22 into the firewall is working fine.
>
> The Shorewall site and mailing list are absolutely rife with
> documentation on how to do this, yet I cannot see where I am erring.
>
> The syslog shows Shorewall letting traffic in as desired. The problem is
> that nothing ever comes back out. Let's focus on my SSH rule at the
> moment. It is:
>
> DNAT:info net loc:10.0.50.50:22 tcp 2222
I've run into this before as well, and had all kinds of grief until I figured it out. For some reason, the SSH protocol does not like its port changed. So, if you have 2222 open on the firewall, then have SSH listen on 2222 (as well as 22, if you want) on your machine, and DNAT to 2222. Hopefully, that will work... at least if it's the same problem I had.

j

-- 
Joshua Kugler
Lead System Admin -- Senior Programmer
http://www.eeinternet.com
PGP Key: http://pgp.mit.edu/ ID 0xDB26D7CE
PO Box 80086 -- Fairbanks, AK 99708 -- Ph: 907-456-5581 Fax: 907-456-3111

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
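To make concrete what Jon's rule and Joshua's suggested variant actually ask the firewall to do, here is an added example (not from the thread, and not Shorewall's own compiler) that parses a Shorewall `rules` DNAT line and emits a simplified equivalent in raw iptables: the PREROUTING DNAT plus the FORWARD ACCEPT that must accompany it. The interface names for the `net` and `loc` zones are assumptions, and the rule layout is a didactic simplification of what Shorewall generates.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed zone-to-interface mapping (constructed for this example, not from the thread).
ZONE_IFACE = {"net": "eth0", "loc": "eth1"}

@dataclass
class DnatRule:
    source_zone: str
    dest_zone: str
    dest_ip: str
    dest_port: str        # port on the internal host after translation
    proto: str
    ext_port: str         # port as seen from the source zone
    log_level: Optional[str]

def parse_rule(line: str) -> DnatRule:
    """Parse a Shorewall rules-file DNAT line such as
    'DNAT:info net loc:10.0.50.50:22 tcp 2222'."""
    action, src, dest, proto, dport = line.split()[:5]
    name, _, level = action.partition(":")
    if name != "DNAT":
        raise ValueError(f"not a DNAT rule: {line!r}")
    m = re.fullmatch(r"(\w+):(\d+\.\d+\.\d+\.\d+)(?::(\d+))?", dest)
    if not m:
        raise ValueError(f"bad DEST column: {dest!r}")
    zone, ip, port = m.groups()
    # No port in DEST (Joshua's variant) means the destination port is left unchanged.
    return DnatRule(src, zone, ip, port or dport, proto, dport, level or None)

def to_iptables(rule: DnatRule) -> List[str]:
    """Simplified nat + filter rules the DNAT line amounts to."""
    in_if, out_if = ZONE_IFACE[rule.source_zone], ZONE_IFACE[rule.dest_zone]
    cmds = []
    if rule.log_level:   # the ':info' suffix asks for the matched packets to be logged
        cmds.append(f"iptables -t nat -A PREROUTING -i {in_if} -p {rule.proto} "
                    f"--dport {rule.ext_port} -j LOG --log-level {rule.log_level}")
    # Rewrite the destination before routing, then allow the rewritten flow through.
    cmds.append(f"iptables -t nat -A PREROUTING -i {in_if} -p {rule.proto} "
                f"--dport {rule.ext_port} -j DNAT --to-destination {rule.dest_ip}:{rule.dest_port}")
    cmds.append(f"iptables -A FORWARD -i {in_if} -o {out_if} -p {rule.proto} "
                f"-d {rule.dest_ip} --dport {rule.dest_port} -j ACCEPT")
    return cmds

if __name__ == "__main__":
    for line in ("DNAT:info net loc:10.0.50.50:22 tcp 2222", "DNAT net loc:10.0.50.50 tcp 2222"):
        print("\n".join(to_iptables(parse_rule(line))), end="\n\n")
```

The second input is the shape of Joshua's suggestion: with no port in the DEST column the internal host must itself listen on 2222, because the destination port is not rewritten.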
