On 7/24/2014 5:04 PM, [email protected] wrote: >> If you can't explain why you need the loc zone, then get rid of >> it!!! > > OK. it's gone. next? > >>> DNAT net $FW:192.168.1.2 tcp 25 - >>> S.S.S.S >> >> Isn't 192.168.1.2 in the vpn1 zone???? Why do you specify $FW in >> the DEST column??? > > I entered this rule because I saw a firewall REJECT that it fixed. > Nothing more. > > As I've already said, I'm trying random things without much > rationale. > > I'm stuck, frustrated, and asking for help. I appreciate any help I > get, but honestly the "!!!" and the "????" aren't very helpful. > > If you've a suggestion as to what to DO, rather than beating me up > because of what I've DONE, that'd be really great.
I'm simply trying to get you to think rather than "trying random things". Because ultimately, you are going to have to maintain this configuration. http://www.shorewall.net/support.html#Guidelines clearly spells out what we need to help you solve your problems. In the future, you may wish to refer to it. In the mean time, I *think* your DNAT rule should be: DNAT net vpn1:192.168.1.2 tcp 25 S.S.S.S That's why I asked you about what zone 192.168.1.2 is in -- do you see? Please see if that helps. And if it doesn't, then please refer to the DNAT debugging procedure outlined in Shorewall FAQs 1a and 1b. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
