[Shorewall-users] DNAT help

Tom Eastep teastep@shorewall.net
Wed, 3 Jul 2002 15:35:09 -0700 (Pacific Daylight Time)


On Wed, 3 Jul 2002, Roy Barkas wrote:

> I'm having trouble making DNAT work the way I think it should.  I'm
> using Shorewall 1.2 and iptables 1.2.5.1.
>
> What I need to do is forward udp port 500 packets addressed to the
> firewall machine from the net to a machine behind the firewall.
>
> I have NAT_ENABLED set to "yes"
>
> I am masquerading the machine that I want to forward the incoming
> packets to.
>
> I have the following statement in /etc/shorewall/rules:
>
> DNAT net:203.11.22.121/32 wep:192.168.10.22 udp 500
>
>      ^^the source machine ^^my destination behind the firewall
>
> "wep" and "net" are defined in my interfaces file and work fine for
> everything else.
>
> I get the following message upon doing a shorewall start:
>
> Error: Invalid Target in rule "DNAT net:202.12.92.210/32 wep:192.168.0.2 udp 500"
>
> Helppppp!
>

You're using 1.3 syntax with Shorewall 1.2.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net