# quick shorewall question

## ToadMan8

I have a huge network with many subnets on it. One subnet is inaccessible from the Internet due to firewall rules. Another subnet that IS accessible from the Internet has a machine running Shorewall on it. I am looking to be able to route all connections on port 222 of that Internet-accessible machine to port 22 of the machine inaccessible from the Internet. (It'll just forward on my SSH connections).

I have the following rule:

```
DNAT:info       net     net:134.53.80.93:22     tcp     222
```

Which seems to be working according to the first line of this log entry on a connection attempt:

```
Nov  1 23:32:17 moscluster Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:c0:4f:1e:f2:78:00:11:25:aa:28:52:08:00 SRC=69.133.124.80 DST=134.53.5.117 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=35718 DF PROTO=TCP SPT=59436 DPT=222 WINDOW=5840 RES=0x00 SYN URGP=0
```

However, the second log entry:

```
Nov  1 23:32:17 moscluster Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=69.133.124.80 DST=134.53.80.93 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=35718 DF PROTO=TCP SPT=59436 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
```

shows the connection being rejected. I am not sure why this is being rejected. Any ideas?

----------
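
An added example, not part of the original post: a short Python script that pairs the two log entries quoted above by the fields DNAT leaves unchanged (source address, source port, protocol, IP ID), to confirm that the packet matched by the DNAT rule is the same one rejected afterwards, and on which interfaces. The function names are this example's own; the sample input is the two log lines from the post.

```python
import re

# The two log lines from the post, verbatim.
LOG = """\
Nov  1 23:32:17 moscluster Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:c0:4f:1e:f2:78:00:11:25:aa:28:52:08:00 SRC=69.133.124.80 DST=134.53.5.117 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=35718 DF PROTO=TCP SPT=59436 DPT=222 WINDOW=5840 RES=0x00 SYN URGP=0
Nov  1 23:32:17 moscluster Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=69.133.124.80 DST=134.53.80.93 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=35718 DF PROTO=TCP SPT=59436 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

PREFIX = re.compile(r"Shorewall:([^:]+):([^:]+):")  # chain and disposition
FIELD = re.compile(r"(\w+)=(\S*)")                   # KEY=value, value may be empty


def parse(line):
    """Return the netfilter fields of one Shorewall log line, or None."""
    m = PREFIX.search(line)
    if m is None:
        return None
    fields = dict(FIELD.findall(line[m.end():]))
    fields["chain"], fields["action"] = m.group(1), m.group(2)
    return fields


def flow_key(f):
    # DNAT rewrites DST and DPT, so match on the fields it leaves alone.
    return tuple(f.get(k) for k in ("SRC", "SPT", "PROTO", "ID"))


def correlate(text):
    """Pair each DNAT log entry with a REJECT/DROP entry for the same packet."""
    entries = [e for e in map(parse, text.splitlines()) if e]
    dnat = {flow_key(e): e for e in entries if e["action"] == "DNAT"}
    findings = []
    for e in entries:
        before = dnat.get(flow_key(e))
        if before is None or e["action"] not in ("REJECT", "DROP"):
            continue
        findings.append({
            "original": f'{before["DST"]}:{before["DPT"]}',
            "translated": f'{e["DST"]}:{e["DPT"]}',
            "blocked_by": f'{e["chain"]}:{e["action"]}',
            "in": e["IN"], "out": e["OUT"],
            "same_interface": e["IN"] == e["OUT"],
        })
    return findings


if __name__ == "__main__":
    for finding in correlate(LOG):
        print(finding)
```

For the two lines in the post it reports one packet, translated from 134.53.5.117:222 to 134.53.80.93:22 and then rejected in FORWARD with `IN=eth0 OUT=eth0`.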

## ToadMan8

::bump::

::sniffle::  :Wink: 

----------

