I'm trying to do port forwarding with DNAT and it is working for some
ports. On others I get garbage, for example:

DNAT            net             loc:192.168.2.160:443   tcp 444
DNAT            net             loc:192.168.2.160:443   tcp

If I access my ip:444 remotely I get a proper page served by HTTPS. On
443 I get garbage SSL errors.

If I **remove** the 444 rule, I get the same garbage on port 444.
I'm also seeing a lot of 'garbage' requests on my IP in the HTTP server
logs:

....
198.251.55.87 - - [12/May/2018:11:38:21 +0000]
"\xFEl\xE0=v1\x19\xBD(\xA0\x81\xBB-\xC0\x8C.^K`$\xFDij\xDF\xD4\xD8'\xCE\x1Fz.\xF1\xAD\x86\x9B\xA3\xE6J\xC6\x14\x07/vxU\xB7\x94\x9B\xD3\x22\xB2<\x99\x88/\xE6\x12\xE1\xA8\xDB\xC1\xE8<Y\xFD\x98\x15\xD8i\xDF\xE9\x8Ai\x9F\xF3\xF2%R^\xD2\xB1\x9CO\xADe\x04\xD0E\xE6\xD9\x93V\xE15\x0F|K\x07|\xA1e{\x1B\x1EzE\xD5\xFA\x9A3\x13`\x89\xF1{\xC4\xBE\x1BlR\xF9\x86\xB1\x98(\xA8X\xB88=\x96\xD0\xAF\xAC\xB6\x01\xBB\xF6ms\x0Eg\xA5@\xF09\xC6\x99\x14\xD4\xA7\x94\xCA\x80\x1Di\xB1\xE1*+\xEA\x9C\xE9\xE4\x5C\x86\xE0"
400 172 "-" "-"
24.235.161.84 - - [12/May/2018:11:38:31 +0000]
"mi\xC1\xC3\xEC\xDB\xFFX\x0C\x91\xDC:\x83\xBB\x1B\x90%|\xC5>\xDFr\x1EmB\xC0\xB128S`Y\xDD\xF7!\xBB\xD0P\x9F\x8A\x99\x19yE\x11\x1F\xB8\xD0\xD7Z\x982\xEA\x99\x92\x01\x121\x0B@\xAA\xFB\xF5]\xD6\xAA\xB1\xDA\x84z|d7w$d\xF4\xE5\xA1Tx\xF2\xF7q\x10\x8F"
400 172 "-" "-"
151.227.100.118 - - [12/May/2018:11:38:52 +0000] "\x13BitTorrent
protocol\x00\x00\x00\x00\x00\x10\x00\x05\xC4\xA2\x1A\xBD\x8E
\xED\xAC\xC8\xD1\x1C\xD8\xBCb\xFDmw/\x9Dp-UM1870-\xDE\xAA\x07\xC8wH\xFA)\xEA\x88(\xF3"
400 172 "-" "-"
...

Other ports like Mumble (64738, UDP) work fine.

What is going on? My setup is sadly double NAT as my ISP only provides me
with 192.168.1.0/24. The router is in a DMZ on the ISP modem.


-- 
*Stack* is the new term for "I have no idea what I'm actually using".
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
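
A triage sketch for request lines like the ones in the log excerpt above, added here as an example and not part of the original post. It assumes the web server writes non-printable request bytes as \xHH escapes in a combined-style access log; the sample lines and their documentation-range addresses are constructed, and the TLS record check goes beyond what the post shows.

```python
import re
from collections import Counter

# Access-log line: ip - - [time] "request" status bytes ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) \d+ ')
HTTP_RE = re.compile(rb'^[A-Z]+ \S+ HTTP/\d\.\d$')
BT_PREFIX = b"\x13BitTorrent protocol"  # start of a BitTorrent peer handshake

# Constructed sample lines (not taken from a real server).
SAMPLE = [
    r'203.0.113.5 - - [12/May/2018:11:38:52 +0000] "\x13BitTorrent protocol\x00\x00\x00\x00\x00\x10\x00\x05\xC4\xA2" 400 172 "-" "-"',
    r'198.51.100.7 - - [12/May/2018:11:38:21 +0000] "\xFEl\xE0=v1\x19\xBD(\xA0\x81" 400 172 "-" "-"',
    r'192.0.2.9 - - [12/May/2018:11:39:02 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03" 400 172 "-" "-"',
    r'192.0.2.10 - - [12/May/2018:11:39:10 +0000] "GET / HTTP/1.1" 200 612 "-" "-"',
]

def unescape(field):
    """Turn the logger's \\xHH escapes back into the raw bytes the client sent."""
    return re.sub(rb'\\x([0-9A-Fa-f]{2})',
                  lambda m: bytes([int(m.group(1), 16)]),
                  field.encode("latin-1"))

def classify(raw):
    """Label the first bytes a client sent to the HTTP listener."""
    if HTTP_RE.match(raw):
        return "http"
    if raw.startswith(BT_PREFIX):
        return "bittorrent-handshake"
    if raw[:2] == b"\x16\x03":
        return "tls-record"  # TLS record header arriving on a plain-HTTP port
    printable = sum(32 <= b < 127 for b in raw)
    return "binary" if printable < 0.9 * len(raw) else "malformed-text"

def triage(lines):
    """Return (client ip, status, label) for every line that parses."""
    out = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            out.append((m.group(1), m.group(4), classify(unescape(m.group(3)))))
    return out

def summary(lines):
    """Count labels so one kind of non-HTTP traffic stands out."""
    return Counter(label for _, _, label in triage(lines))

if __name__ == "__main__":
    for ip, status, label in triage(SAMPLE):
        print(ip, status, label)
```

Grouping the labels by client address and time separates peers that are still dialling a port for an old service from clients that speak the wrong protocol to the forwarded port.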