I am having trouble getting a DNAT to work like so:
DNAT net:+cust_eth2 colo:PPP.PPP.P.PPP:22 tcp 2222 - XXX.XXX.XX.XX
snipped config files:
net eth2 detect
# ipset -L
Header: hashsize: 1024 probes: 8 resize: 50
When I connect from the IP .87.173, as listed in the ipset, it doesn't work, as per this log message:
Shorewall:cust2fw:REJECT:IN=eth2 OUT= MAC=0000000000 SRC=XXX.XX.87.173 DST=XXX.XXX.XXX.XX LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=5116 DF PROTO=TCP SPT=52521 DPT=2222 WINDOW=8192 RES=0x00 SYN URGP=0
I also tried in hosts:
Weird thing is, if I remove the ipset restriction on the DNAT, it still blocks me, until I remove my IP from the ipset.
Any pointers? Have I missed something obvious? I know the log message says cust2fw, but I assume that's because the DNAT is failing to add an accompanying ACCEPT rule for the ipset. No idea why though.
Thanks in advance!