[Shorewall-newbies] DNAT not working at all

Simon Cooper thecoop at runbox.com
Wed Jan 7 20:48:40 PST 2004


I'm trying to route connections to 9192 on the firewall to internal machine 192.168.0.9:9192 as a streaming webcam server.

shorewall version:
1.4.7c

/etc/shorewall/rules:
# Webcam
DNAT    net             loc:192.168.0.9:9192    tcp     9192
DNAT    loc             loc:192.168.0.9:9192    tcp     9192

/etc/shorewall/policy:
#SOURCE         DEST            POLICY          LOG             LIMIT:BURST
#                                               LEVEL
fw              all             ACCEPT          info
loc             net             ACCEPT
loc             fw              ACCEPT
net             all             DROP            info
all             all             REJECT          info 

ip addr show:
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:02:44:07:89:a0 brd ff:ff:ff:ff:ff:ff
    inet 82.39.120.35/21 brd 255.255.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:50:04:31:ea:17 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.10/24 brd 192.168.0.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:0a:79:15:1b:b4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth2

ip route show:
192.168.1.0/24 dev eth2  proto kernel  scope link  src 192.168.1.1 
192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.10 
82.39.120.0/21 dev eth0  proto kernel  scope link  src 82.39.120.35 
127.0.0.0/8 via 127.0.0.1 dev lo  scope link 
default via 82.39.120.1 dev eth0 

/sbin/shorewall status:
http://thecoop.dyndns.org/status.txt

But it doesn't connect from outside or inside, and just times out. Telnetting to 192.168.0.9:9192 from the firewall works fine, and the local machine can connect OK.

reply to thecoop at runbox.com

Thanks,
Simon