On Wed, 12 Apr 2023 09:44:11 +0200 Olivier Sannier <obo...@gmail.com> wrote:
> On 07/04/2023 at 09:33, Olivier Sannier wrote:
> > So I tried this rule:
> >
> > DNAT:INFO:mqtt loc $FW:127.0.0.1:1883 tcp 1883
> > - &enp4s0
> >
> > And it gives me the "martian sources" error that I already
> > mentioned
>
> Well, as it turns out, this is because I'm targeting a local IP
> address and the kernel considers 127/8 as a martian by default.
> Setting net.ipv4.conf.all.route_localnet to 1 with sysctl allows
> local routing and then this rule works just fine.
>
> I could not find a setting for this in shorewall.conf, but it's easy
> enough to have it applied at every boot, so I'm fine.

You can add that config to /etc/sysctl.d/50-local.conf for example.

--
Tuomo Soini <t...@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
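An added example, not part of the thread: a shell check for where the route_localnet setting discussed above is effectively on. The kernel ORs conf/all with each interface's own value for this knob, so all=1 makes 127/8 routable on every interface, not only the one named in the DNAT rule. The function names and the optional tree-root argument are assumptions made here for illustration and testing.

```shell
#!/bin/sh
# Added example: audit the effective route_localnet state per interface.
# Effective value = conf/all OR conf/<iface> (kernel OR semantics).

# $1: root of the sysctl tree (assumption for testability; default /proc/sys)
route_localnet_report() {
    conf="${1:-/proc/sys}/net/ipv4/conf"
    all=$(cat "$conf/all/route_localnet" 2>/dev/null || echo 0)
    for dir in "$conf"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are templates, not real interfaces
        case "$iface" in all|default) continue ;; esac
        own=$(cat "$dir/route_localnet" 2>/dev/null || echo 0)
        if [ "$all" = 1 ] || [ "$own" = 1 ]; then
            echo "$iface on"
        else
            echo "$iface off"
        fi
    done
}

# List interfaces where 127/8 is routable although only one was intended.
# $1: intended interface (e.g. enp4s0 from the rule), $2: sysctl tree root
route_localnet_unexpected() {
    route_localnet_report "$2" | while read -r iface state; do
        if [ "$state" = on ] && [ "$iface" != "$1" ]; then
            echo "$iface"
        fi
    done
}

# Stand-alone run: print the state of the live system.
route_localnet_report
```

If `route_localnet_unexpected enp4s0` prints anything, the setting is wider than the rule needs; the per-interface key `net.ipv4.conf.enp4s0.route_localnet` limits it to that interface.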