[Shorewall-users] Port Forwarding, followed all the forums and FAQs

Tom Eastep teastep at shorewall.net
Fri Mar 11 10:14:30 PST 2005


Tom Eastep wrote:
> Robert G.Walden wrote:
> 
>>I apologize beforehand for my newbie question, but I have done the research and I still can't find a solution.
>>Shoreline 1.4.8
> 
> 
> Please upgrade at your earliest convenience -- Shorewall 1.4 is no
> longer supported.
> 
> 
>>Problem: Firewall isn't allowing me to port forward to server
>>Port Open = 3389 (RDP)
>>Line added for Port Forwarding:DNAT    net    loc:192.168.42.5  tcp 3389 
>>Error Produced: 
>>
>>Mar 11 06:37:40 net2allROP:IN=ppp0 OUT=eth1 SRC=64.x.x.xxx DST=192.168.42.2 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=42157 DF PROTO=TCP SPT=58605 DPT=3389 WINDOW=64512 RES=0x00 SYN URGP=0
>>
>> 
>>
>>Shorewall restart
>>
>> 
>>
>>I have no idea why the firewall isn't port forwarding as stated in this line.  Any ideas???  Any help is more than welcome.  Internet connectivity is fine.
> 
> 
> Please read http://shorewall.net/support.htm for information about how
> to submit a problem report. Pay particular attention to the part that
> begins THIS IS IMPORTANT!.
> 

Before you do that though, here is something to check. The destination
IP address is being rewritten to 192.168.42.2 but your DNAT rule
specifies 192.168.42.5. This means that the address is being rewritten
BEFORE the packet passes through the 'nat' table DNAT rule generated by
your rule. In Shorewall 1.4, by default entries in /etc/shorewall/nat
were applied BEFORE entries in the rules file; do you have an entry for
64.x.x.xxx <-> 192.168.42.2 in your /etc/shorewall/nat file?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
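
The check suggested in the reply above can be scripted. This is an added example, not part of the original thread or of Shorewall itself: it compares the DST of a logged packet with the DNAT rule's target and with the INTERNAL column of a nat file. The SRC and external addresses in the sample data are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample inputs modelled on the thread; SRC and the external
# address are documentation placeholders, not values from the post.
LOG_LINE = ("Mar 11 06:37:40 Shorewall:net2all:DROP:IN=ppp0 OUT=eth1 "
            "SRC=198.51.100.7 DST=192.168.42.2 LEN=48 PROTO=TCP "
            "SPT=58605 DPT=3389 SYN URGP=0")
RULES = "DNAT    net    loc:192.168.42.5  tcp 3389\n"
NAT_FILE = ("#EXTERNAL     INTERFACE  INTERNAL      ALL  LOCAL\n"
            "203.0.113.10  ppp0       192.168.42.2  no   no\n")

def _rows(text):
    """Yield whitespace-split columns of non-blank, non-comment lines."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if cols:
            yield cols

def parse_log(line):
    """Return the KEY=VALUE fields of a netfilter log line as a dict."""
    return dict(re.findall(r"\b([A-Z]+)=(\S+)", line))

def dnat_rules(text):
    """Return (target_ip, proto, ports) for each DNAT rule in a rules file."""
    out = []
    for cols in _rows(text):
        dest = cols[2].split(":") if len(cols) >= 5 else []  # zone:ip[:port]
        if cols[0].startswith("DNAT") and len(dest) >= 2:
            out.append((dest[1], cols[3].lower(), set(cols[4].split(","))))
    return out

def static_nat(text):
    """Map INTERNAL -> EXTERNAL for each entry of a nat file."""
    return {c[2]: c[0] for c in _rows(text) if len(c) >= 3}

def diagnose(log_line, rules_text, nat_text):
    """Classify why a logged packet did not reach the DNAT rule's target."""
    pkt = parse_log(log_line)
    nat = static_nat(nat_text)
    for target, proto, ports in dnat_rules(rules_text):
        if pkt.get("PROTO", "").lower() != proto or pkt.get("DPT") not in ports:
            continue
        if pkt.get("DST") == target:
            return "dnat-applied"          # rewrite matches the rule
        if pkt.get("DST") in nat:
            return "static-nat-first"      # a nat-file entry rewrote it earlier
        return "rewritten-elsewhere"       # some other NAT source to look for
    return "no-matching-dnat-rule"

if __name__ == "__main__":
    print(diagnose(LOG_LINE, RULES, NAT_FILE))
```
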