Hello world, I have a freshly installed firewall with shorewall (version: 
5.1.10.2) on Fedora server (firewalld is disabled) and I want to do a DNAT from 
net zone to lan zone for an XMPP server inside the lan.

This is my "zones" file:
#ZONE TYPE
fw firewall
net ipv4
lan ipv4

"interfaces" file:
?FORMAT 2
###
#ZONE INTERFACE OPTIONS
net enp2s0
lan enp3s0

"policy" file:
#SOURCE DEST POLICY LOGLEVEL RATE CONNLIMIT
fw all ACCEPT
lan fw ACCEPT info
lan net ACCEPT info
net fw DROP info
net lan DROP info

"rules" file:
?SECTION NEW
ACCEPT lan fw tcp 22
DNAT net lan:10.0.9.103:5222 tcp 5222

dmesg output:
[1060728.293989] net-fw DROP IN=enp2s0 OUT= 
MAC=70:62:b8:b5:50:e4:00:23:3e:87:df:d6:08:00 SRC=61.177.172.57 
DST=190.108.89.85 LEN=60 TOS=0x08 PREC=0x40 TTL=51 ID=36847 DF PROTO=TCP 
SPT=61698 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 
[1060730.298005] net-fw DROP IN=enp2s0 OUT= 
MAC=70:62:b8:b5:50:e4:00:23:3e:87:df:d6:08:00 SRC=61.177.172.57 
DST=190.108.89.85 LEN=60 TOS=0x08 PREC=0x40 TTL=51 ID=36848 DF PROTO=TCP 
SPT=61698 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 
---
Ing. Alex Irmel Oviedo Solis
GNU/Linux Services Specialist
E-mail: alex...@alexove.me (mailto:alex...@alexove.me)
Bitel mobile: 930328402
Claro mobile: 959625001
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
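
Added example, not part of the original message: a short Python parser for kernel log entries in the format of the dmesg excerpt above. It re-joins entries that a mail client wrapped and counts them by chain, disposition, protocol and destination port, so it is easy to see whether any logged drop concerns the forwarded port. The sample entries, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the dmesg excerpt (documentation
# addresses and made-up MACs); the second entry is wrapped as in a mail.
SAMPLE = """\
[100.000001] net-fw DROP IN=enp2s0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TTL=51 ID=1 DF PROTO=TCP SPT=61698 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
[102.000002] net-fw DROP IN=enp2s0 OUT=
MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7
DST=203.0.113.5 LEN=60 TTL=51 ID=2 DF PROTO=TCP
SPT=61698 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
[105.000003] net-fw DROP IN=enp2s0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.9 DST=203.0.113.5 LEN=60 TTL=50 ID=3 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
"""

# "[timestamp] <chain> <disposition> IN=..." as seen in the excerpt.
ENTRY_RE = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<chain>\S+)\s+(?P<verdict>[A-Z]+)\s+(?P<rest>IN=.*)$")

def unwrap(text):
    """Re-join wrapped entries: a new entry always starts with '['."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def parse(entry):
    """Return a dict of the entry's fields, or None if it is not a match."""
    m = ENTRY_RE.match(entry)
    if not m:
        return None
    rec = {"ts": float(m["ts"]), "chain": m["chain"], "verdict": m["verdict"]}
    for tok in m["rest"].split():
        key, sep, val = tok.partition("=")
        rec[key] = val if sep else True  # bare flags such as DF or SYN
    return rec

def summarize(text):
    """Count entries per (chain, disposition, protocol, destination port)."""
    recs = filter(None, map(parse, unwrap(text)))
    return Counter((r["chain"], r["verdict"], r.get("PROTO"), r.get("DPT")) for r in recs)

def port_logged(text, port):
    """True if any logged entry has the given destination port."""
    return any(key[3] == str(port) for key in summarize(text))

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```
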
