[Shorewall-newbies] DNAT not working at all

Tom Eastep teastep at shorewall.net
Wed Jan 7 13:13:04 PST 2004


On Wednesday 07 January 2004 01:03 pm, Tom Eastep wrote:
> On Wednesday 07 January 2004 12:59 pm, Tom Eastep wrote:
> > The steps for troubleshooting port forwarding problems are given in FAQs
> > 1a and 1b. According to your "shorewall status" output, at least one
> > connection request was received from the internet and forwarded to your
> > server at 192.168.0.9.
>
> In fact, a connection was established from 216.127.72.7:
>
> tcp      6 431992 ESTABLISHED src=216.127.72.7 dst=82.39.120.35 sport=45644
> dport=9192 src=192.168.0.9 dst=216.127.72.7 sport=9192 dport=45644
> [ASSURED] use=1

In other words whatever the problem is that is causing the connection to 
appear to hang, it is NOT your DNAT rule. Also, the fact that the TCP session 
can be established means that the default gateway on 192.168.0.9 is correct.

Can 192.168.0.9 do reverse DNS lookups ok (especially a reverse DNS lookup of 
216.127.72.7)?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




More information about the Shorewall-newbies mailing list