Re: [Shorewall-users] DNAT rules

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Costantino wrote:
> I'll try to trick the server by renaming the zip file to .DAT
> Just rename it back before un-zipping.

You could also use gzip or bzip2.

The instructions at http://www.shorewall.net/support.htm clearly tell
you to try the failing connection (in your case DNAT) before capturing
the output of "shorewall status". Assuming that you did that, the
requests are never reaching your firewall (Note the "0" in the "pkts"
column below):

NAT Table

Chain PREROUTING (policy ACCEPT 981K packets, 76M bytes)
 pkts bytes target     prot opt in     out     source
destination
    0     0 net_dnat   all  --  eth0   *       0.0.0.0/0
0.0.0.0/0

Your firewall cannot redirect connections that don't go through it.

If you didn't try the failing connection before capturing the "shorewall
status" output then, once again, please follow the troubleshooting
instructions in FAQs 1a and 2b. Until you are able to see the connection
requests reach your firewall, no amount of changing your Shorewall
configuration is going to have any effect.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ te...@sh...
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key