[Firewall] Other NAT rules fail when source specific rule is added

Alex Aune lists at aewne.net
Fri Sep 20 14:03:59 CEST 2013

Hi everyone,

I had some downtime at work the other day, so I decided to try and work 
around the firewall here to give myself shell access at home using port 
443. I already have a webserver running on 443, so I had a go at 
setting up a source-specific NAT rule.
Now, as soon as I added> (to NAT_FORWARD_TCP) 
my more general rule of 80,443> no longer works. If I run 
"telnet aewne.net 443" I am greeted by the OpenSSH server, even when 
traffic is not originating from the same IP address/subnet in the rule.
However, if I add a source/subnet declaration (0/0~80,443> it 
works like it should.

Is this a known issue?

I'm using 2.0.1d (-r2 version of the Gentoo ebuild) with coreutils 8.21.

