[Shorewall-newbies] DNAT stops working.

Kim Pedersen kp at thuka.dk
Tue Mar 9 05:49:39 PST 2004


  I have installed the Shorewall package, and I have configured it 
according to the "I have multiple public IPs" howto. I can get everything 
working, including my dnat rules.
However, after a while the DNAT rules stop working. Restarting shorewall 
simply will not help this situation.

Trying to issue the: shorewall show nat command, will correctly tell me 
that I have indeed installed the dnat rules. one-to-one nat to these 
servers work perfectly, all the time, as far as
i can tell. As mentioned I have several public IPs and a couple of DMZ 
zones. I have included the relevant DNAT rules in the mail.

I hope someone can give me some information on what I am doing wrong.

System is slackware 9.1 with kernel 2.4.22.
Shorewall is version 1.4.10c (I have the same problem with the 1.3 

The DNAT rules in question:
DNAT net        dmz:        tcp     25 -
DNAT net        dmz:       tcp     80 -

Sometimes this works, other it doesnt... What am i doing wrong?

tcpdumping gives me no other info than I am receiving the packets on the 
internet interface, but they are never forwarded to the hosts on the 

Kim Pedersen

More information about the Shorewall-newbies mailing list