On Fri, Sep 16, 2022 at 02:59:50PM +0000, Tim Taylor wrote:
> I do not know if this is the correct place, but I am looking for assistance.
> If this is not the right place, or if there is a better place, I would
> appreciate any assistance.
>
> I am very new to Shorewall, and inherited it from a previous employee.
>
> I am trying to get port 443 to NAT to a server in my DMZ.
>
> I can telnet to 443 from inside, I can telnet to 443 from the firewall, but
> I get this when trying to telnet to 443
>
> PhxFw1 kernel: SW:net-fw:DROP: IN=bond-ext.5 OUT=
> MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=xx.xx.xx.xx
> DST=xx,xx,xx,xx LEN=52 TOS=0x08 PREC=0x20 TTL=113 ID=38052 DF PROTO=TCP
> SPT=9466 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x500
>
> The SRC is my external ip of my workstation. The DST is the external ip on
> the firewall.

You'll probably need to show at least the most relevant parts of your
configuration. Like ./interface and ./rules. And describe the network.
What interface is the packet intended to be leaving? Do you have
forwarding enabled?

https://shorewall.org/two-interface.htm#DNAT + FAQ

--
Justin