
edit3:

I would like to get exactly what is described in http://shorewall.net/FAQ.htm#faq1g but it doesn't work for me.

edit3 end;

OS: Debian Squeeze; Shorewall: 4.4.11.6-3

3 computers a, b & c; Shorewall is on computer b. I would like to DNAT port 8140 from b->c, so computer a can connect to b and will be DNATed to c. Followed FAQ 1g (thanks go out to omache) http://www.shorewall.net/FAQ.htm#faq1g. rules, interfaces, masq are set according to the FAQ.

The direct connections work:

a->b   a->b->b(temp rule: DNAT:debug   net   fw:ip.of.computer.b:80   tcp   8140   -   -)
b->c   
a->c 

Regular Shorewall rules on computer b:

DNAT:debug   net   net:ip.of.computer.c:8140   tcp   8140   -   ip.of.computer.b
DNAT:debug   $FW   net:ip.of.computer.c:8140   tcp   8140   -   ip.of.computer.b

So DNATing should work. According to the FAQs I debugged the DNAT; the packet count increases.

Is the problem the one from http://www.shorewall.net/FAQ.htm#faq1a, "dropping the outbound SYN,ACK response"? How to debug this? Shouldn't the b->c and a->c direct connections then also be a problem, or do they work without SYN,ACK?

a->b->c    does not work
b->b->c    does work

Log entry from the a->b->c connection:

Oct 11 03:34:03 servername kernel: [3457359.671611] Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=-SNIP- SRC=ip.of.computer.a DST=ip.of.computer.b LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=49585 DF PROTO=TCP SPT=60499 DPT=8140 WINDOW=5840 RES=0x00 SYN URGP=0

edit1:

Made more debugging tests, thanks go again to omache.

tcpdump 'ip host A or B or C and not (port ssh or http or smtp or pop3)'
tcpdump 'ip host A or B or D and not (port ssh or smtp or pop3)'

A->B->C (DNAT): shows incoming traffic but nothing goes out to C
B->B->C (local DNAT): works and traffic is shown going to C

It is not the SYN,ACK problem; I made a test with a fourth host D and exchanged C with D. D is a server which is able to reply with ACK and SYN.

I double-checked the FAQ info; this is the content of my affected files:

rules

DNAT:debug   net     net:$HOST_IP_D:80 tcp  8140 -  $HOST_IP_B

interfaces

net     eth0    detect   tcpflags,logmartians,nosmurfs,routeback

masq

eth0:$HOST_IP_D  0.0.0.0/0   $HOST_IP_B  tcp          80
c33s

1 Answer


The Shorewall mailing list helped (thanks go out to Tom):

shorewall.conf

IP_FORWARDING=On
c33s
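The thread above ends up with four pieces that all have to be in place for the FAQ 1g "a -> b (DNAT) -> c" setup: `IP_FORWARDING=On` in shorewall.conf (the fix from the answer), `routeback` on the net interface, a DNAT rule whose ORIGDEST column is the firewall's own address, and a masq entry that SNATs the forwarded traffic to the firewall's address. The script below is an added example, not part of the question or the answer and not Shorewall's own tooling: it is a static pre-flight check that parses the four files and reports which prerequisite is missing. All file contents, the interface name `eth0`, the port `8140`, and the addresses `192.0.2.20` (firewall b) and `192.0.2.30` (target c) are constructed stand-ins; on a real box you would pass the contents of `/etc/shorewall/shorewall.conf`, `interfaces`, `rules` and `masq` instead.

```shell
#!/bin/sh
# Added example (not from the original post). Static checks for the four
# Shorewall FAQ 1g prerequisites. Every input below is constructed text.

# 1. IP_FORWARDING must be On (the fix from the mailing list). Quotes and
#    surrounding blanks are stripped; the last assignment in the file wins.
check_ip_forwarding() {
    val=$(printf '%s\n' "$1" | sed -n 's/^[[:space:]]*IP_FORWARDING=//p' | tr -d '" ' | tail -n 1)
    case "$val" in
        [Oo][Nn]) return 0 ;;
        *)        return 1 ;;
    esac
}

# 2. The zone's interface line must carry "routeback" in its OPTIONS column,
#    otherwise traffic that comes in and leaves on the same interface is refused.
#    $1 = interfaces file content, $2 = zone name
check_routeback() {
    printf '%s\n' "$1" | awk -v zone="$2" '
        /^[[:space:]]*#/ || NF < 3 { next }
        $1 == zone { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "routeback") found = 1 }
        END { exit found ? 0 : 1 }'
}

# 3. A DNAT rule net -> net:<target> for the port, with ORIGDEST (column 7)
#    equal to the firewall address, so only packets aimed at b are rewritten.
#    $1 = rules file content, $2 = port, $3 = firewall address
check_dnat_rule() {
    printf '%s\n' "$1" | awk -v port="$2" -v fwip="$3" '
        /^[[:space:]]*#/ || NF < 5 { next }
        index($1, "DNAT") == 1 && $2 == "net" && index($3, "net:") == 1 && $5 == port && $7 == fwip { found = 1 }
        END { exit found ? 0 : 1 }'
}

# 4. A masq entry "<iface>:<target>  <source>  <firewall address>" so that c
#    sees the firewall as the source and replies through it, not directly to a.
#    $1 = masq file content, $2 = interface, $3 = target address, $4 = firewall address
check_masq_rule() {
    printf '%s\n' "$1" | awk -v want="$2:$3" -v fwip="$4" '
        /^[[:space:]]*#/ || NF < 3 { next }
        $1 == want && $3 == fwip { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Run all four checks, print what is missing, return 0 only if all pass.
# args: conf ifaces rules masq iface fwip target port
audit_hairpin_dnat() {
    conf=$1; ifaces=$2; rules=$3; masq=$4
    iface=$5; fwip=$6; target=$7; port=$8
    rc=0
    check_ip_forwarding "$conf"                       || { echo "FAIL: IP_FORWARDING is not On"; rc=1; }
    check_routeback "$ifaces" net                     || { echo "FAIL: net interface lacks routeback"; rc=1; }
    check_dnat_rule "$rules" "$port" "$fwip"          || { echo "FAIL: no DNAT net->net:... rule for $port with ORIGDEST $fwip"; rc=1; }
    check_masq_rule "$masq" "$iface" "$target" "$fwip" || { echo "FAIL: no masq entry $iface:$target -> $fwip"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: all FAQ 1g prerequisites present"
    return $rc
}

# --- constructed sample files (192.0.2.0/24 is a documentation range) ---
CONF_OK='STARTUP_ENABLED=Yes
IP_FORWARDING=On'
CONF_BAD='STARTUP_ENABLED=Yes
IP_FORWARDING=Off'
IFACES_OK='#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     tcpflags,logmartians,nosmurfs,routeback'
IFACES_BAD='net    eth0       detect     tcpflags,logmartians,nosmurfs'
RULES_OK='#ACTION     SOURCE  DEST                 PROTO  DPORT  SPORT  ORIGDEST
DNAT:debug  net     net:192.0.2.30:8140  tcp    8140   -      192.0.2.20'
MASQ_OK='#INTERFACE        SOURCE     ADDRESS     PROTO  PORT
eth0:192.0.2.30   0.0.0.0/0  192.0.2.20  tcp    8140'

echo "--- constructed working configuration ---"
audit_hairpin_dnat "$CONF_OK" "$IFACES_OK" "$RULES_OK" "$MASQ_OK" eth0 192.0.2.20 192.0.2.30 8140
echo "--- same files with forwarding switched off ---"
audit_hairpin_dnat "$CONF_BAD" "$IFACES_OK" "$RULES_OK" "$MASQ_OK" eth0 192.0.2.20 192.0.2.30 8140 || true
```

The checks are deliberately file-based so they can run before `shorewall restart`; they do not prove the kernel is forwarding, only that the configuration asks for it. After restarting, the `Shorewall:net_dnat:DNAT:` log line from the question is the runtime confirmation that the DNAT rule matched, and a `tcpdump` on the interface as described in edit1 shows whether the rewritten packet actually leaves towards c.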