On 12/11/2017 02:49 PM, Tom Eastep wrote: > On 12/11/2017 07:48 AM, dino muzic via Shorewall-users wrote: >> >> Hi, >> >> I was trying to DNAT as usually (pass-through external client request to >> internal server) but shorewall does not compile.. >> >> /etc/shorewall/rules : >> >> #ACTION SOURCE DEST PROTO DPORT SPORT >> ORIGDEST >> DNAT net loc:10.3.88.71:22 tcp >> 2201 - 99.1.1.1 >> >> >> 99.1.1.1 is the firewall eth0 (net) interface >> 10.3.88.71 is the internal server >> >> >> # shorewall restart >> >> iptables-restore: line 36 failed >> ERROR: iptables-restore Failed. Input is in >> /var/lib/shorewall/.iptables-restore-input >> >> /var/lib/shorewall/.iptables-restore-input : >> *nat >> :PREROUTING ACCEPT [0:0] >> :OUTPUT ACCEPT [0:0] >> :POSTROUTING ACCEPT [0:0] >> -A PREROUTING -i eth0 -p 6 --dport 2201 -d 99.1.1.1 -j DNAT >> --to-destination 10.3.88.71:22 >> COMMIT >> >> >> please help > > What do you see in the system log when this happens? >
You can also try 'shorewall debug restart' which gives you better error messages. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
