Add UDP tip to DNAT solutions

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2018-12-13 10:33:11 -08:00
parent 668cb6deda
commit 2b6d657fb0
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10


@ -244,9 +244,25 @@ DNAT net:<emphasis>address</emphasis> loc:<emphasis>local-IP-address</empha
work</title> work</title>
<para><emphasis role="bold">Answer:</emphasis> That is usually the <para><emphasis role="bold">Answer:</emphasis> That is usually the
result of one of four things:</para> result of one of five things:</para>
<itemizedlist> <itemizedlist>
<listitem>
<para>You are trying to redirect a UDP port and there is already a
conntrack table entry for the flow, created via an ACCEPT
rule.</para>
<para>Example:</para>
<programlisting> DNAT loc:192.168.0.2 dmz:192.168.1.3 udp 53</programlisting>
<para>Assuming that you have installed the
<emphasis>conntrack</emphasis> package, you can delete all such
conntrack table entries using:</para>
<programlisting> conntrack -D -s 192.168.0.2 -p udp --dport 53</programlisting>
</listitem>
<listitem> <listitem>
<para>You are trying to test from inside your firewall (no, that <para>You are trying to test from inside your firewall (no, that
won't work -- see <xref linkend="faq2"/>).</para> won't work -- see <xref linkend="faq2"/>).</para>
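Review bot: the new list item tells the reader to delete the stale conntrack entry but never says why an existing entry defeats the redirect; a one-line explanation before the example would make the tip self-contained, e.g. "The DNAT rule is only consulted for the first packet of a flow, so a UDP flow that already has a conntrack entry is never redirected." Two smaller points on the same item: the cleanup command `conntrack -D -s 192.168.0.2 -p udp --dport 53` deletes every UDP/53 flow from that host regardless of original destination, which is broader than "all such conntrack table entries" suggests, so either state that or mention narrowing it with the original destination; and the cause is described as an entry "created via an ACCEPT rule", whereas any rule or policy that accepted the first packet before the DNAT rule was added produces the same entry. The "four" to "five" change in the Answer paragraph correctly matches the added item.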