On vendredi, 15 septembre 2017 12.32:37 h CEST andreil1 wrote: > Hi, > > I’ve got really strange problem, which seem to be appeared after update from > shorewall 4.6.13.4 to 5.1.4.3 on OpenSUSE 42.2 (shorewall update was run > after upgrade). I have not used this DNAT for a while, so can’t tell for > sure when it stopped. > > DNAT currently working > ACCEPT net dmz tcp xx > DNAT net dmz:192.168.1.2:yy tcp xx > > DNAT currently NOT working > ACCEPT net loc tcp xx > DNAT net loc:192.168.0.2:yy tcp xx > > Port yy is open on 192.198.0.2, I can connect from local net. > > I can still use rinetd to do the work, however, it can’t redirect UDP. > > What could be the problem ? > > Thanks in advance for any suggestion(s).
Are you sure you're still on 42.2, I (as shorewall maintainer at openSUSE) did not sent shorewall update for 42.2. 5.1.4.3 appear in 42.3 (due to end of life of shorewall 4x version) During the update there's a warning about the need to run shorewall update -A Afterwards, only snat file has normally to be edited to insert new rules (old nat.rpmsave) And there was the problem with the dropBcats, but this is resolved with the new maintenance 5.1.5.2-3.1 published the 13th September. But I don't see why this rules wouldn't work. I've for example this kind of rules which works DNAT net:$trusted lan:$coucou:3389 tcp 3399 -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch Bareos Partner, openSUSE Member, fsfe fellowship GPG KEY : D5C9B751C4653227 irc: tigerfoot ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
