Hi,

I am having trouble getting a DNAT to work like so:

in rules:
DNAT    net:+cust_eth2          colo:PPP.PPP.P.PPP:22   tcp     2222    -       XXX.XXX.XX.XX

snipped config files:

zones:
net     ipv4
cust:net        ipv4

interfaces:
net     eth2                    detect

hosts:
cust    eth2:+cust_eth2

# ipset -L
Name: cust_eth2
Type: iphash
References: 9
Header: hashsize: 1024 probes: 8 resize: 50
Members:
XXX.XXX.87.173


When I connect from the IP .87.173 as listed in the ipset, it doesn't
work as per this log message:
 Shorewall:cust2fw:REJECT:IN=eth2 OUT= MAC=0000000000 SRC=XXX.XX.87.173 DST=XXX.XXX.XXX.XX LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=5116 DF PROTO=TCP SPT=52521 DPT=2222 WINDOW=8192 RES=0x00 SYN URGP=0


I also tried in hosts:
cust   eth2:dynamic

Weird thing is, if I remove the ipset restriction on the DNAT, it still
blocks me, until I remove my ip from the ipset.

Any pointers? Have I missed something obvious? I know the log message says
cust2fw, but I assume that's because the DNAT is failing to add an
accompanying ACCEPT rule for the ipset. No idea why though.

thanks in advance!

Dave
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users