[Shorewall-users] problem with high ports?

K Efland kefland at gmail.com
Sat Sep 18 00:09:25 PDT 2004


Hi,

I am running 1.4.8 and I have an external IP that is pretty well cut
up with DNAT to several different subnets.  When adding DNS (UDP:53)
to the mix, I don't get a response from the server.

According to shorewall (shorewall show nat):
 33  2527 DNAT       udp  --  *      *       0.0.0.0/0           
69.13.51.22        udp dpt:53 to:10.2.80.40

Yet my DNS log is coming up empty; it's only seeing requests off the
1918 address space, even though there are packets and bytes associated
with the rule.  I have other publics that are running DNS with DNAT
rules in place, but they have NAT entries which, if added to the IP in
question, break the host of other services already running on the IP.

I know that DNS responds on a high port and am wondering if this is
the problem, since I have a RADIUS (TCP/UDP:1812-1814) server that is
unresponsive on unique public and private addresses with DNAT
entries as well (since RADIUS uses the high ports for response as
well).

All of my rules/files look good as far as I can tell.  Does anyone
have any ideas?  TIA

k.
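The DNAT entry quoted in the post, worked through as an added example that is not part of the post and is not Shorewall's own code. It parses the `shorewall show nat` rule lines (rejoining a line that a mail client wrapped, as happened above), then models what netfilter's connection tracking does with a UDP DNS query to the public address: the query is rewritten to 10.2.80.40:53, and the server's reply, which leaves from port 53 toward the client's ephemeral source port, is mapped back to the public address by the conntrack entry without any rule for the reply port. A rule whose packet counter is climbing while the server log stays empty therefore points at the forward path between the firewall and the internal host rather than at reply ports. The client address 198.51.100.7 and its source port 41234, the second (RADIUS) rule and its internal address 10.2.80.41, and the sample text itself are constructed for the demonstration.

```python
"""Parse `shorewall show nat` (iptables -t nat -L -v -n) DNAT rules and model
the stateful DNAT of a UDP DNS exchange.  Added example, not Shorewall code."""
import re
from dataclasses import dataclass, replace
from typing import Optional

# Constructed sample.  The first rule reproduces the two wrapped lines from the
# post; the RADIUS rule and the 10.2.80.41 address are assumptions.
SAMPLE_NAT_OUTPUT = """\
 33  2527 DNAT       udp  --  *      *       0.0.0.0/0
69.13.51.22        udp dpt:53 to:10.2.80.40
  0     0 DNAT       udp  --  *      *       0.0.0.0/0
69.13.51.22        udp dpts:1812:1814 to:10.2.80.41
"""

LINE_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+--\s+\S+\s+\S+\s+(\S+)\s+(\S+)\s*(.*)$")


@dataclass
class NatRule:
    pkts: int
    bytes: int
    target: str
    proto: str
    dest: str              # destination the rule matches (the public address)
    dports: range          # destination ports matched (all ports if unspecified)
    to_addr: Optional[str]
    to_port: Optional[int]  # None means "keep the original destination port"


def join_wrapped(text: str) -> list:
    """Rejoin rule lines a mail client wrapped: a physical line that does not
    begin with the pkts/bytes counters continues the previous rule."""
    rows = []
    for line in text.splitlines():
        if re.match(r"^\s*\d+\s+\d+\s", line) or not rows:
            rows.append(line.rstrip())
        else:
            rows[-1] = rows[-1] + " " + line.strip()
    return rows


def parse_rule(row: str) -> Optional[NatRule]:
    m = LINE_RE.match(row)
    if not m:
        return None
    pkts, byts, target, proto, _src, dst, rest = m.groups()
    ports = range(0, 65536)
    pm = re.search(r"\bdpts?:(\d+)(?::(\d+))?", rest)   # dpt:53 or dpts:1812:1814
    if pm:
        lo, hi = int(pm.group(1)), int(pm.group(2) or pm.group(1))
        ports = range(lo, hi + 1)
    to_addr = to_port = None
    tm = re.search(r"\bto:([\d.]+)(?::(\d+))?", rest)   # to:10.2.80.40[:port]
    if tm:
        to_addr = tm.group(1)
        to_port = int(tm.group(2)) if tm.group(2) else None
    return NatRule(int(pkts), int(byts), target, proto, dst, ports, to_addr, to_port)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"


class StatefulDnat:
    """Minimal model of PREROUTING DNAT plus the conntrack reverse mapping."""

    def __init__(self, rules):
        self.rules = [r for r in rules if r.target == "DNAT"]
        # (proto, client, cport, server, sport) -> (public_ip, public_port)
        self.conns = {}

    def inbound(self, pkt: Packet) -> Packet:
        """Packet arriving on the external interface: apply the first matching DNAT."""
        for r in self.rules:
            if r.proto == pkt.proto and r.dest == pkt.dst and pkt.dport in r.dports:
                new = replace(pkt, dst=r.to_addr, dport=r.to_port or pkt.dport)
                self.conns[(new.proto, new.src, new.sport, new.dst, new.dport)] = (pkt.dst, pkt.dport)
                return new
        return pkt

    def outbound(self, pkt: Packet) -> Packet:
        """Reply from the internal server: conntrack restores the public source."""
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.conns:
            pub_ip, pub_port = self.conns[key]
            return replace(pkt, src=pub_ip, sport=pub_port)
        return pkt


def dns_exchange(nat_text: str = SAMPLE_NAT_OUTPUT):
    """Return (rules, query as seen by the server, reply as seen by the client)."""
    rules = [r for r in map(parse_rule, join_wrapped(nat_text)) if r]
    nat = StatefulDnat(rules)
    query = Packet("198.51.100.7", 41234, "69.13.51.22", 53)   # constructed client
    at_server = nat.inbound(query)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    return rules, at_server, nat.outbound(reply)


if __name__ == "__main__":
    rules, at_server, at_client = dns_exchange()
    for r in rules:
        print(f"{r.pkts:>6} pkts  {r.proto} {r.dest} ports {r.dports.start}-{r.dports.stop - 1} -> {r.to_addr}")
    print("query at server :", at_server)
    print("reply at client :", at_client)
```

The reply reaches the client from 69.13.51.22:53, not from a "high port" on the firewall; the only high port in the exchange is the one the client chose, and conntrack already knows it from the query.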

