[Shorewall-newbies] DNAT not working at all

Tom Eastep teastep at shorewall.net
Wed Jan 7 13:13:04 PST 2004

On Wednesday 07 January 2004 01:03 pm, Tom Eastep wrote:
> On Wednesday 07 January 2004 12:59 pm, Tom Eastep wrote:
> > The steps for troubleshooting port forwarding problems are given in FAQs
> > 1a and 1b. According to your "shorewall status" output, at least one
> > connection request was received from the internet and forwarded to your
> > server at
> In fact, a connection was established from
> tcp      6 431992 ESTABLISHED src= dst= sport=45644
> dport=9192 src= dst= sport=9192 dport=45644
> [ASSURED] use=1

In other words whatever the problem is that is causing the connection to 
appear to hang, it is NOT your DNAT rule. Also, the fact that the TCP session 
can be established means that the default gateway on is correct.

Can do reverse DNS lookups ok (especially a reverse DNS lookup of

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-newbies mailing list