2.3.4.5 is my partner and we agreed to bind to each other on that port. But the problem is, when 5.6.7.8 try to connect to 2.3.4.5 it always failed. And according to my partner log, it say that connection from is not coming from 5.6.7.8. Please help. TIA.
Willy On Thu, 2009-06-11 at 21:55 -0700, Tom Eastep wrote: > sangprabv wrote: > > Hi, > > I have several virtual IP on my FW and one of them is eth1:4 1.2.3.4. I > > want connection from IP 2.3.4.5:3499 (the internet) to 1.2.3.4:3499 > > forward to 5.6.7.8 which is behind the firewall. I have create this > > rule: > > DNAT net:2.3.4.5 loc:5.6.7.8 tcp 3499 - 1.2.3.4 > > If you want to enforce both the source and dest port restrictions, you want: > > DNAT net:2.3.4.5 loc:5.6.7.8 tcp 3499 3499 1.2.3.4 > > One question -- how are you ensuring that the client at 2.3.4.5 is > binding to port 3499? > > > Why the connection can't be made? Should I use ACCEPT? TIA > > See the DNAT debugging tips in Shorewall FAQs 1a and 1b. > > -Tom > ------------------------------------------------------------------------------ > Crystal Reports - New Free Runtime and 30 Day Trial > Check out the new simplified licensing option that enables unlimited > royalty-free distribution of the report engine for externally facing > server and web deployment. > http://p.sf.net/sfu/businessobjects > _______________________________________________ Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
