[Shorewall-users] DNAT help

Roy Barkas rbarkas@usa.net
Wed, 3 Jul 2002 18:47:41 +1000


I'm having trouble making DNAT work the way I think it should.  I'm
using Shorewall 1.2 and iptables 1.2.5.1.

What I need to do is forward udp port 500 packets addressed to the
firewall machine from the net to a machine behind the firewall.

I have NAT_ENABLED set to "yes".

I am masquerading the machine that I want to forward the incoming
packets to.

I have the following statement in /etc/shorewall/rules:

DNAT net:203.11.22.121/32 wep:192.168.10.22 udp 500

     ^^the source machine ^^my destination behind the firewall

"wep" and "net" are defined in my interfaces file and work fine for
everything else.

I get the following message upon doing a shorewall start:

Error: Invalid Target in rule "DNAT net:202.12.92.210/32 wep:192.168.0.2 udp 500"

Helppppp!

Roy Barkas
rbarkas@usa.net