On 11/19/2017 01:01 PM, Colony.three via Shorewall-users wrote:
> Hello, I can not get DNAT to work to save my life.
>
> All machines are CentOS7 KVM virtual machines, one the
> internet-connected router, and the other in the DMZ.
>
> I've gone through the docs and there seem to be two methods of
> port-forwarding, and neither works in the router:
> DNAT net dmz:10.1.1.30 tcp http,https
> ... and
> Web(DNAT) net dmz:10.1.1.30
> Web(ACCEPT) local dmz:10.1.1.30
> (Of course 10.1.1.30 is the dmz web server)
>
> I checked both using a remote Openstack VM. And I'd previously used
> that OS VM to check that port 80, 443, etc could get through my ISP to
> the router/firewall, and they can. But port-forwarding simply does not
> work in the router. I even tried the port 5000 mapped to 80 trick and
> no dice.
>
> I turned off SELinux, and set aside my sysctl.conf security file, and no
> better. I can reach the webserver in the dmz from the local LAN, so the
> problem must be in port forwarding. There are no error messages in dmesg.
>
> I've forwarded the dump to Tom.
>

Are you sure this isn't working? I can connect to the firewall's
external IP on port 80 and I get the Quantum Equities web site.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
