RE: [Shorewall-users] DNAT problems

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

> >
> > I created the following entry in the /etc/shorewall/nat file:
> > 12.148.248.99   eth0    10.10.1.60      No      No
> >
> > And then added the rule:
> > DNAT  net  loc:10.10.1.60  tcp  443  -  12.148.248.99
> >
>=20
> Two things:
>=20
> a) Are you going to use port forwarding or static NAT? You=20
> are trying to=20
> use both at the same time.

I would like to use static NAT and then only allow traffic to specific =
ports
on these systems.

>=20
> b) The status output that you included shows that you don't=20
> have the DNAT=20
> rule that you show above but that you rather have:
>=20
> DNAT	net:12.148.248.98	loc:10.10.1.60	tcp	443=09
> -	12.148.248.99
>=20
This may have been one of my access tests from a system outside the
firewall. This is not how I currently have the rule set. The current =
rule is

DNAT  net  loc:10.10.1.60  tcp  443     -       12.148.248.99

I have been looking at your configuration located at
http://www.shorewall.net/myfiles.htm but I am still not having any =
success
.... I think that I am completely turned around.

Graeme