Hi Alex,
What problem are you encountering? Have you tried to access your XMPP
server from outside?
Those drop messages from the dmesg output are for port 22 (SSH server) to your
server. You will get a lot of these, since people will try to hack your
server from the net for SSH access all the time, because your policy said to
log all dropped packets.
Huy
On 17 May 2018 at 00:30, Alex Irmel Oviedo Solis <alex...@alexove.me> wrote:
> Hello world, I have a freshly installed firewall with shorewall (version:
> 5.1.10.2) on Fedora server (firewalld is disabled) and I want to do a DNAT
> from the net zone to the lan zone for an XMPP server inside the LAN.
>
> This is my "zones" file:
> #ZONE TYPE
> fw firewall
> net ipv4
> lan ipv4
>
> "interfaces" file:
> ?FORMAT 2
> ###
> #ZONE INTERFACE OPTIONS
> net enp2s0
> lan enp3s0
>
> "policy" file:
> #SOURCE DEST POLICY LOGLEVEL RATE CONNLIMIT
> fw all ACCEPT
> lan fw ACCEPT info
> lan net ACCEPT info
> net fw DROP info
> net lan DROP info
>
> "rules" file:
> ?SECTION NEW
> ACCEPT lan fw tcp 22
> DNAT net lan:10.0.9.103:5222 tcp 5222
>
> dmesg output:
> [1060728.293989] net-fw DROP IN=enp2s0 OUT=
> MAC=70:62:b8:b5:50:e4:00:23:3e:87:df:d6:08:00
> SRC=61.177.172.57 DST=190.108.89.85 LEN=60 TOS=0x08 PREC=0x40 TTL=51
> ID=36847 DF PROTO=TCP SPT=61698 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
> [1060730.298005] net-fw DROP IN=enp2s0 OUT=
> MAC=70:62:b8:b5:50:e4:00:23:3e:87:df:d6:08:00
> SRC=61.177.172.57 DST=190.108.89.85 LEN=60 TOS=0x08 PREC=0x40 TTL=51
> ID=36848 DF PROTO=TCP SPT=61698 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
>
>
> ---
> Ing. Alex Irmel Oviedo Solis
> GNU/Linux Services Specialist
> E-mail: alex...@alexove.me
> Mobile (Bitel): 930328402
> Mobile (Claro): 959625001
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>