[Firewall] Other NAT rules fail when source-specific rule is added

Alex Aune lists at aewne.net
Fri Sep 20 14:03:59 CEST 2013


Hi everyone,

I had some downtime at work the other day, so I decided to try and work 
around the firewall here to give myself shell access at home using port 
443. I already have a webserver running on 443, so I had a go at 
setting up a source-specific NAT rule.
Now, as soon as I added 1.2.3.4/30~443>10.0.0.1~22 (to NAT_FORWARD_TCP) 
my more general rule of 80,443>10.0.0.18 no longer works. If I run 
"telnet aewne.net 443" I am greeted by the OpenSSH server, even when 
traffic is not originating from the same IP address/subnet in the rule.
However, if I add a source/subnet declaration (0/0~80,443>10.0.0.18) it 
works like it should.

Is this a known issue?

I'm using 2.0.1d (-r2 version of the Gentoo ebuild) with coreutils 8.21.

Regards,
Alex
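The rules quoted above, modelled as an added example that is not part of the original message and not the firewall project's own code: it parses the "[SRC~]PORTS>DST[~DPORT]" NAT_FORWARD_TCP strings from the post, resolves incoming connections with first-match semantics (an assumption about rule ordering), and reports rules that an earlier, broader rule would shadow. The sample source addresses, the iptables rendering and the first-match assumption are mine; a missing SRC is treated as 0/0, which is the behaviour the post expects.

```python
# Added example: a model of source-specific vs. general forward rules, not the
# firewall tool's implementation. Grammar assumed: "[SRC~]PORTS>DST[~DPORT]".
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY_SRC = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network      # source network the rule applies to
    ports: frozenset                # external TCP ports it forwards
    dst: ipaddress.IPv4Address      # internal host the traffic is DNATed to
    dport: Optional[int]            # internal port; None = keep the original port


def parse_rule(text: str) -> Rule:
    """Parse '[SRC~]PORTS>DST[~DPORT]'; a missing SRC means any source (0/0)."""
    lhs, rhs = text.split(">", 1)
    if "~" in lhs:
        src_text, port_text = lhs.split("~", 1)
    else:
        src_text, port_text = "0/0", lhs
    # "0/0" is the rule file's shorthand; ipaddress needs the full 0.0.0.0/0
    src = ANY_SRC if src_text == "0/0" else ipaddress.ip_network(src_text, strict=False)
    ports = frozenset(int(p) for p in port_text.split(","))
    if "~" in rhs:
        dst_text, dport_text = rhs.split("~", 1)
        dport: Optional[int] = int(dport_text)
    else:
        dst_text, dport = rhs, None
    return Rule(src, ports, ipaddress.ip_address(dst_text), dport)


def resolve(rules, src_ip: str, port: int):
    """First-match lookup (assumed ordering): (internal host, internal port) or None."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if port in r.ports and addr in r.src:
            return str(r.dst), r.dport if r.dport is not None else port
    return None


def shadowed(rules):
    """Indices of rules that can never match because an earlier rule already
    covers every (source, port) pair they would match."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if later.src.subnet_of(earlier.src) and later.ports <= earlier.ports:
                out.append(i)
                break
    return out


def iptables_equivalent(rule: Rule) -> str:
    """One way to write the rule as an iptables DNAT command (my translation,
    not how the firewall tool renders its rules)."""
    target = str(rule.dst) + (f":{rule.dport}" if rule.dport is not None else "")
    ports = ",".join(str(p) for p in sorted(rule.ports))
    src = "" if rule.src == ANY_SRC else f" -s {rule.src}"
    return (f"iptables -t nat -A PREROUTING -p tcp{src} -m multiport --dports {ports}"
            f" -j DNAT --to-destination {target}")


# The two rules from the post, specific rule first.
RULES = [parse_rule(s) for s in ("1.2.3.4/30~443>10.0.0.1~22", "80,443>10.0.0.18")]

if __name__ == "__main__":
    # Constructed sample clients: one inside 1.2.3.4/30, one outside it.
    for src, port in (("1.2.3.5", 443), ("203.0.113.7", 443), ("203.0.113.7", 80)):
        print(f"{src}:{port} -> {resolve(RULES, src, port)}")
    print("shadowed as written:", shadowed(RULES))
    print("shadowed if the general rule came first:", shadowed(RULES[::-1]))
    for r in RULES:
        print(iptables_equivalent(r))
```

With first-match ordering, only 1.2.3.4/30 reaches the SSH host on 443; everyone else still lands on the webserver, which is the behaviour the post expected. The shadow check is the thing worth running before adding such a rule: put the general 80,443 rule ahead of the /30 rule and the source-specific rule can never fire.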

