On 16/09/22 16:59, Tim Taylor wrote:
> [...]
> I am trying to get port 443 to NAT to a server in my DMZ.
> I can telnet to 443 from inside, I can telnet to 443 from the firewall, but I get this when trying to telnet to 443
> PhxFw1 kernel: SW:net-fw:DROP: IN=bond-ext.5 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=xx.xx.xx.xx DST=xx,xx,xx,xx LEN=52 TOS=0x08 PREC=0x20 TTL=113 ID=38052 DF PROTO=TCP SPT=9466 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x500

From "SW:net-fw:DROP" it's clear your Shorewall is _DROPPING_ inbound traffic (from "net" to your Firewall "fw").
I bet you have *NOT* properly configured the DNAT rule. After carefully reviewing this: https://shorewall.org/two-interface.htm#DNAT and ensuring you configured everything accordingly... if problems still persist, please report here the specific configuration line in your FW (rules, I guess).

Bye,
DV

--
Damiano Verzulli
e-mail: dami...@verzulli.it
---
possible?ok:while(!possible){open_mindedness++}
---
"...I realized that free software would not generate the kind of income that was needed. Maybe in USA or Europe, you may be able to get a well paying job as a free software developer, but not here [in Africa]..." -- Guido Sohne - 1973-2008
http://ole.kenic.or.ke/pipermail/skunkworks/2008-April/005989.html
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
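
The inference in the reply above (a `net-fw` chain in the log prefix means the packet was judged as addressed to the firewall itself, so no DNAT rewrote its destination before routing) can be checked mechanically over a log. The following Python sketch is an added example, not part of the original messages or of Shorewall; the sample log lines, addresses, the `bond-dmz` interface name and the function names are constructed for illustration, and it assumes the `tag:srczone-dstzone:disposition:` prefix layout seen in the quoted log line.

```python
import re

# Constructed sample lines modelled on the entry quoted in the thread.
# Addresses are documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
PhxFw1 kernel: SW:net-fw:DROP: IN=bond-ext.5 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=52 TTL=113 DF PROTO=TCP SPT=9466 DPT=443 WINDOW=64240 SYN URGP=0
PhxFw1 kernel: SW:net-dmz:ACCEPT: IN=bond-ext.5 OUT=bond-dmz SRC=198.51.100.7 DST=192.0.2.20 LEN=52 TTL=113 DF PROTO=TCP SPT=9470 DPT=443 WINDOW=64240 SYN URGP=0
PhxFw1 kernel: SW:net-fw:DROP: IN=bond-ext.5 OUT= SRC=198.51.100.9 DST=203.0.113.10 LEN=40 TTL=240 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 SYN URGP=0
"""

# Assumed prefix layout: <tag>:<srczone>-<dstzone>:<disposition>: <netfilter fields>
PREFIX = re.compile(r"(\w+):([\w.]+)-([\w.]+):([A-Z]+):\s*(.*)")
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE pairs; value may be empty (OUT=)


def parse(line):
    """Split one log line into zone pair, disposition and netfilter fields."""
    m = PREFIX.search(line)
    if not m:
        return None
    _tag, src_zone, dst_zone, disposition, rest = m.groups()
    return {"src_zone": src_zone, "dst_zone": dst_zone,
            "disposition": disposition, "fields": dict(FIELD.findall(rest))}


def missed_dnat(log_text, forwarded_ports, fw_zone="fw"):
    """Return (src, dport, chain) for TCP packets to ports that should be
    forwarded but were dropped in a <zone>-fw chain. DNAT happens before
    routing, so a rewritten packet would show a forwarding chain such as
    net-dmz; seeing net-fw means no DNAT rule matched."""
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        f = rec["fields"]
        if (rec["dst_zone"] == fw_zone
                and rec["disposition"] in ("DROP", "REJECT")
                and f.get("PROTO") == "TCP"
                and int(f.get("DPT", 0)) in forwarded_ports):
            hits.append((f["SRC"], int(f["DPT"]), f"{rec['src_zone']}-{fw_zone}"))
    return hits


if __name__ == "__main__":
    for src, port, chain in missed_dnat(SAMPLE_LOG, {443}):
        print(f"{src} -> port {port} hit {chain}: no DNAT rule matched")
```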