[Shorewall-newbies] Probelm with DNAT (Portforwarding)

Tom Eastep teastep at shorewall.net
Sun Jan 4 17:33:55 PST 2004


On Mon, 5 Jan 2004, Roger Zueger wrote:

> DNAT:info       net     loc:10.0.0.200  tcp     80      -
>
> If I try to connect (from the internet [net]) my internal www-server the
> firewall write the following line in  syslog:
>
> Jan  5 00:42:30 net_dnat:DNAT:IN=eth0 OUT= SRC=81.62.184.216
> DST=217.162.228.222 LEN=60 TOS=0x10 PREC=0x00 TTL=53 ID=47877 DF PROTO=TCP
> SPT=10459 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
>
> But no connection will be etablished. I don't know why, because if I try to
> connect my webserver from the firewall [fw] it works perfekt! I'm using
> shorewall 1.4.8 on a debian 3.0 (woody) system with kernel 2.4.18.
>

You have completed the first step in diagnosing port forwarding problems.
Please see FAQs 1a and 1b for more things to check.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net


More information about the Shorewall-newbies mailing list