[Shorewall-users] DNAT & IPSEC Problem

Krauss, Hassel h.krauss at klinikum-weissenhof.de
Thu Mar 25 10:58:15 PST 2004


Hello to all

I have a big problem here. I'm trying to configure a 3-interface firewall where
eth0 = loc
eth1 = net (static IP)
eth2 = dmz (10.60.8.1/21)

Action   Source                                               Destination                    Protocol  Source ports  Dest ports
DNAT     Zone net                                             Host 10.60.8.2 in zone dmz     50        Any
DNAT     Zone net                                             Host 10.60.8.2 in zone dmz     51        Any
ACCEPT   Host xx.xxx.xxx.xx,xx.xxx.xxx.xxx in zone net        Any                            UDP       Any           500,4500
DNAT     Zone net                                             Host 10.60.8.2 in zone dmz     UDP       Any           500,4500
ACCEPT   Zone dmz                                             Zone net                       UDP       Any           500,4500
ACCEPT   Zone dmz                                             Host 10.36.8.3 in zone loc     TCP       Any           1494,1604
ACCEPT   Zone dmz                                             Host 10.36.8.2,10.36.8.51,10.36.8.52 in zone loc   TCP   Any   53

I want to DNAT the VPN server behind the firewall.


I always get these messages:
Mar 25 19:41:25 net2all:DROP:IN=eth1 OUT= SRC="another ip" DST="my ip" LEN=152 TOS=0x00 PREC=0x00 TTL=252 ID=10057 PROTO=UDP SPT=500 DPT=500 LEN=132 
Mar 25 19:48:26 all2all:REJECT:IN=eth2 OUT=eth1 SRC=10.60.8.2 DST="another ip" LEN=29 TOS=0x00 PREC=0xC0 TTL=254 ID=5013 PROTO=UDP SPT=0 DPT=0 LEN=9 

It would be great if anyone could help :)

Bye, Hassel


More information about the Shorewall-users mailing list
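The post's two log lines can be read mechanically against its own rule table. The following is an added example, not code from the post or from the Shorewall project: it parses Shorewall/netfilter `zone2zone:ACTION:KEY=VALUE ...` log lines, derives the zone pair from the interface-to-zone mapping given in the post (eth0 loc, eth1 net, eth2 dmz), and lists which rules from the post's table should have handled each packet. The rule table is transcribed into a constructed Python structure; the two redacted `xx.xxx.xxx.xx` peers are replaced with placeholder addresses (192.0.2.10, 192.0.2.11), and the quoted `"another ip"` / `"my ip"` values from the post are kept as-is, which the matcher treats as unparseable and therefore not in any host list.

```python
import re
from ipaddress import ip_address, ip_network

# Interface-to-zone mapping from the post: eth0 = loc, eth1 = net, eth2 = dmz.
IFACE_ZONE = {"eth0": "loc", "eth1": "net", "eth2": "dmz"}

# netfilter logs ESP and AH by name; the post's rules use the protocol numbers.
PROTO_ALIASES = {"ESP": "50", "AH": "51"}

# The post's rule table as a constructed structure. src_hosts / dst_hosts of None
# mean "the whole zone"; dports of None means "any port". 192.0.2.x are placeholders
# for the two redacted xx.xxx.xxx.xx peers in the ACCEPT rule.
RULES = [
    {"action": "DNAT", "src_zone": "net", "src_hosts": None,
     "dst_zone": "dmz", "dst_hosts": ["10.60.8.2"], "proto": "50", "dports": None},
    {"action": "DNAT", "src_zone": "net", "src_hosts": None,
     "dst_zone": "dmz", "dst_hosts": ["10.60.8.2"], "proto": "51", "dports": None},
    {"action": "ACCEPT", "src_zone": "net", "src_hosts": ["192.0.2.10", "192.0.2.11"],
     "dst_zone": "any", "dst_hosts": None, "proto": "udp", "dports": {500, 4500}},
    {"action": "DNAT", "src_zone": "net", "src_hosts": None,
     "dst_zone": "dmz", "dst_hosts": ["10.60.8.2"], "proto": "udp", "dports": {500, 4500}},
    {"action": "ACCEPT", "src_zone": "dmz", "src_hosts": None,
     "dst_zone": "net", "dst_hosts": None, "proto": "udp", "dports": {500, 4500}},
    {"action": "ACCEPT", "src_zone": "dmz", "src_hosts": None,
     "dst_zone": "loc", "dst_hosts": ["10.36.8.3"], "proto": "tcp", "dports": {1494, 1604}},
    {"action": "ACCEPT", "src_zone": "dmz", "src_hosts": None,
     "dst_zone": "loc", "dst_hosts": ["10.36.8.2", "10.36.8.51", "10.36.8.52"],
     "proto": "tcp", "dports": {53}},
]

LOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)\s+(?P<chain>[\w-]+):(?P<target>\w+):(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')


def parse_log(line):
    """Split a Shorewall/netfilter log line into timestamp, chain, target and KEY=VALUE fields.
    The first occurrence of a repeated key is kept (LEN appears twice: IP header, then UDP)."""
    m = LOG_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    fields = {}
    for key, val in KV_RE.findall(m.group("rest")):
        fields.setdefault(key, val.strip('"'))
    return {"ts": m.group("ts"), "chain": m.group("chain"),
            "target": m.group("target"), "fields": fields}


def packet_summary(entry):
    """Reduce a parsed entry to the attributes rule matching needs."""
    f = entry["fields"]
    proto = f.get("PROTO", "").upper()
    return {
        "src_zone": IFACE_ZONE.get(f.get("IN", ""), "?"),
        # An empty OUT= means the packet was routed to the firewall itself. DNAT is applied
        # in PREROUTING, before routing, so a packet that had been rewritten to 10.60.8.2
        # would log OUT=eth2 instead.
        "dst_zone": IFACE_ZONE.get(f["OUT"], "?") if f.get("OUT") else "fw",
        "src": f.get("SRC", ""),
        "dst": f.get("DST", ""),
        "proto": PROTO_ALIASES.get(proto, proto.lower()),
        "dport": int(f["DPT"]) if f.get("DPT", "").isdigit() else None,
    }


def _host_ok(addr, hosts):
    """True when the rule has no host restriction or addr falls in one of the listed hosts.
    Redacted values such as "another ip" are not parseable and count as not listed."""
    if hosts is None:
        return True
    try:
        ip = ip_address(addr)
    except ValueError:
        return False
    return any(ip in ip_network(h, strict=False) for h in hosts)


def matching_rules(entry):
    """Indices of RULES that would handle the logged packet. DNAT rules are matched on the
    pre-rewrite packet (original destination is the firewall), so only their source side
    and protocol/port are checked; ACCEPT rules also check the destination side."""
    pkt = packet_summary(entry)
    hits = []
    for i, r in enumerate(RULES):
        if r["src_zone"] != pkt["src_zone"] or not _host_ok(pkt["src"], r["src_hosts"]):
            continue
        if r["proto"] != "any" and r["proto"] != pkt["proto"]:
            continue
        if r["dports"] is not None and pkt["dport"] not in r["dports"]:
            continue
        if r["action"] != "DNAT":
            if r["dst_zone"] != "any" and r["dst_zone"] != pkt["dst_zone"]:
                continue
            if not _host_ok(pkt["dst"], r["dst_hosts"]):
                continue
        hits.append(i)
    return hits


def explain(line):
    """One-line verdict: what the firewall did, the zone pair, and which rules cover it."""
    entry = parse_log(line)
    pkt = packet_summary(entry)
    hits = matching_rules(entry)
    verdict = (f"{entry['chain']}:{entry['target']} {pkt['src_zone']}->{pkt['dst_zone']} "
               f"{pkt['proto']}/{pkt['dport']}")
    if hits:
        return verdict + " ; covered by rule " + ", ".join(f"#{i} {RULES[i]['action']}" for i in hits)
    return verdict + " ; no rule matches, so the zone policy decided"


# Constructed samples: the two log lines quoted in the post, placeholders kept verbatim.
SAMPLE_LOGS = [
    'Mar 25 19:41:25 net2all:DROP:IN=eth1 OUT= SRC="another ip" DST="my ip" LEN=152 TOS=0x00 '
    'PREC=0x00 TTL=252 ID=10057 PROTO=UDP SPT=500 DPT=500 LEN=132',
    'Mar 25 19:48:26 all2all:REJECT:IN=eth2 OUT=eth1 SRC=10.60.8.2 DST="another ip" LEN=29 '
    'TOS=0x00 PREC=0xC0 TTL=254 ID=5013 PROTO=UDP SPT=0 DPT=0 LEN=9',
]

if __name__ == "__main__":
    for sample in SAMPLE_LOGS:
        print(explain(sample))
```

Running it prints, for the first line, that the packet arrived from net with `OUT=` empty (delivered to the firewall, not rewritten to the dmz host) and that rule #3 (the UDP 500,4500 DNAT) is the one that should cover it; for the second line, a dmz-to-net UDP packet with port 0 matches none of the table's rules, so the `all2all` policy decided, which is consistent with the `all2all:REJECT` chain in the log.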