
I have a bit of a problem with my shorewall setup. Here is a copy of my rules file:

DNAT    fw      wan:172.16.1.224:6999   tcp     80
DNAT    net     wan:172.16.1.218        tcp     7000

And here are my zones:

fw      firewall
wan     ipv4
loc     ipv4
net     ipv4

Here is my policy:

fw all ACCEPT
wan all ACCEPT
loc all ACCEPT
net all ACCEPT

And interfaces:

wan eth2 detect routeback

The first rule, which forwards any requests from port 80 to port 6999, works fine. Now I want to forward traffic from port 7000 on x.x.x.224 to port 7000 on x.x.x.218. The second rule doesn't appear to be working.


1 Answer

Your question is missing some detail (maybe). What your first rule does is forward the port 80 on your firewall to some server in the wan zone.

Then you want to forward a port from a server in your wan zone to some other server in your wan zone. This cannot work. I suspect that your firewall is not x.x.x.224.

If your firewall is configured to respond to a complete set of IPs (the ones you use for your WAN network) then you need to specify the ORIGINAL DEST IP (see man shorewall-rules).

But still this might not work. If from your WAN zone a computer makes a request to another server in the zone, why should the firewall be involved? The traffic does not travel through the interfaces of the firewall.

But from your description it's difficult to be sure what your setup actually is.

P.S.: For questions about Shorewall I would really recommend the Shorewall mailing list. You usually get very competent answers there. But you have to provide full information about your setup, like a "shorewall dump".

Best regards

Jörg
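As an added illustration of the ORIGINAL DEST column the answer points to (this is not part of the question or the answer, and not the poster's actual rules file), here is how the second rule would look if 172.16.1.224 is an address that the firewall itself answers on, which is an assumption the post does not confirm. Column names follow the shorewall-rules layout: ACTION, SOURCE, DEST, PROTO, DEST PORT(S), SOURCE PORT(S), ORIGINAL DEST.

```conf
# Added example, not the original poster's configuration.
# Assumption: 172.16.1.224 is one of the firewall's own addresses on eth2 (wan).
#
#ACTION  SOURCE  DEST                    PROTO  DPORT  SPORT  ORIGDEST
DNAT     net     wan:172.16.1.218:7000   tcp    7000   -      172.16.1.224
#
# Only connections that actually enter the firewall from the net zone and were
# addressed to 172.16.1.224:7000 are rewritten to 172.16.1.218:7000.
# The "-" keeps SOURCE PORT(S) unrestricted so the ORIGDEST column lines up.
# Without ORIGDEST, every port-7000 connection arriving from net, whatever
# address it was sent to, would be redirected, which is broader than intended.
```

After saving the file, `shorewall check` validates the configuration without loading it, and `shorewall show nat` lists the compiled NAT chains so you can confirm the rule carries the original-destination match. As the answer notes, a connection from one wan host directly to another never crosses eth2 and is therefore not affected by this rule at all.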