Resolved
0 votes
I have used 1-to-1 NAT for a long time. I am using the latest version of ClearOS.

When I enable the public IP to point port 22 TCP to private IP 10.0.0.99, that blocks 10.0.0.99 from getting out on the internet. I cannot even ping google.com, but I can ping the LAN IP.

When I disable it, then I can get on the internet. Ping google works.

I've got to get this port 22 working again, fast. I don't mind editing configs if I have detailed instructions, but I mainly rely on the GUI.

10.0.0.99 is a Windows 10 Pro. It's OK though.

Thanks,
Thursday, August 08 2019, 06:38 PM
Responses (6)
  • Accepted Answer

    Friday, August 09 2019, 05:25 PM - #Permalink
    Resolved
    0 votes
    Port 20 rule is disabled so I can get on the internet with that server. (So disabled rules in the GUI don't show up?) It's strange because the other NATs work fine.

    I won't get back to this problem until Saturday AM tomorrow.

    This install of ClearOS has been around several years. I had several things installed like Active Directory and dnsthingy (they SSH'd into my system and did a lot of modifications).

    Maybe a fresh install will be best.

    Thank you for your assistance.
  • Accepted Answer

    Friday, August 09 2019, 04:37 PM - #Permalink
    Resolved
    0 votes
    Where is your port 22 rule?
  • Accepted Answer

    Friday, August 09 2019, 03:44 PM - #Permalink
    Resolved
    0 votes
    I have planned to do a re-install in the morning. I've got to have this running well before the students get on campus.

    Here are the outputs.

    [root@firewall ~]# iptables -nvL
    Chain INPUT (policy DROP 40022 packets, 7500K bytes)
    pkts bytes target prot opt in out source destination
    0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set f2b-sshd-ddos src reject-with icmp-port-unreachable
    0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set f2b-sshd src reject-with icmp-port-unreachable
    0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587,220,993,110,995 match-set f2b-postfix-sasl src reject-with icmp-port-unreachable
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_INGRESS src
    3933 299K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state RELATED,ESTABLISHED
    0 0 DROP all -- * * 62.112.0.0/16 0.0.0.0/0
    117 12793 DROP all -- * * 62.0.0.0/8 0.0.0.0/0
    106 11794 DROP all -- * * 80.0.0.0/8 0.0.0.0/0
    564 30485 DROP all -- * * 81.0.0.0/8 0.0.0.0/0
    11 868 DROP all -- * * 116.0.0.0/8 0.0.0.0/0
    1 120 DROP all -- * * 163.172.0.0/16 0.0.0.0/0
    32 2500 DROP all -- * * 218.0.0.0/8 0.0.0.0/0
    7199 397K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
    2775 578K DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
    0 0 DROP all -- ens6f0 * 127.0.0.0/8 0.0.0.0/0
    370K 62M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    1472K 193M ACCEPT all -- ens6f1 * 0.0.0.0/0 0.0.0.0/0
    192K 13M ACCEPT all -- ens6f2.20 * 0.0.0.0/0 0.0.0.0/0
    912K 53M ACCEPT all -- ens6f2.21 * 0.0.0.0/0 0.0.0.0/0
    251K 14M ACCEPT all -- ens6f2.22 * 0.0.0.0/0 0.0.0.0/0
    267 64934 ACCEPT all -- ens6f2.23 * 0.0.0.0/0 0.0.0.0/0
    1487K 97M ACCEPT all -- ens6f2.24 * 0.0.0.0/0 0.0.0.0/0
    1059K 61M ACCEPT all -- ens6f2.60 * 0.0.0.0/0 0.0.0.0/0
    182 43134 ACCEPT all -- ens6f3.10 * 0.0.0.0/0 0.0.0.0/0
    5031 427K ACCEPT all -- ens6f3.30 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT udp -- eno2.50 * 0.0.0.0/0 10.0.50.1 udp spt:68 dpt:67
    0 0 ACCEPT tcp -- eno2.50 * 0.0.0.0/0 10.0.50.1 tcp spt:68 dpt:67
    6 390 ACCEPT udp -- eno2.50 * 10.0.50.0/24 10.0.50.1 udp dpt:53
    0 0 ACCEPT tcp -- eno2.50 * 10.0.50.0/24 10.0.50.1 tcp dpt:53
    1074 31146 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
    0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
    1441 85356 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
    0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
    0 0 ACCEPT udp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
    0 0 ACCEPT tcp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
    0 0 ACCEPT udp -- * * 0.0.0.0/0 10.0.50.1 udp dpt:1194
    7 901 ACCEPT udp -- * * 0.0.0.0/0 50.115.255.191 udp dpt:1194
    0 0 ACCEPT udp -- eno2.50 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
    6 3914 ACCEPT tcp -- eno2.50 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
    242K 37M ACCEPT udp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
    3601K 24G ACCEPT tcp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_SELF src,dst,dst
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_EGRESS dst
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_INGRESS src
    13 1259 DROP all -- * * 62.112.0.0/16 0.0.0.0/0
    1228 74876 DROP all -- * * 62.0.0.0/8 0.0.0.0/0
    247 22254 DROP all -- * * 80.0.0.0/8 0.0.0.0/0
    202 14388 DROP all -- * * 81.0.0.0/8 0.0.0.0/0
    1398 84884 DROP all -- * * 116.0.0.0/8 0.0.0.0/0
    7 553 DROP all -- * * 163.172.0.0/16 0.0.0.0/0
    16 5125 DROP all -- * * 218.0.0.0/8 0.0.0.0/0
    0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.4 icmptype 0
    0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.4 icmptype 3
    0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.4 icmptype 8
    0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.4 icmptype 11
    0 0 DROP icmp -- ens6f0 * 0.0.0.0/0 10.0.30.4
    0 0 ACCEPT tcp -- ens6f0 * 0.0.0.0/0 10.0.30.4 tcp dpt:5060
    0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.5 icmptype 0
    0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.5 icmptype 3
    0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.5 icmptype 8
    0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.5 icmptype 11
    0 0 DROP icmp -- ens6f0 * 0.0.0.0/0 10.0.30.5
    0 0 ACCEPT tcp -- ens6f0 * 0.0.0.0/0 10.0.30.5 tcp dpt:5555
    0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.50.2 icmptype 0
    0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.50.2 icmptype 3
    0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.50.2 icmptype 8
    0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.50.2 icmptype 11
    0 0 DROP icmp -- ens6f0 * 0.0.0.0/0 10.0.50.2
    0 0 ACCEPT tcp -- ens6f0 * 0.0.0.0/0 10.0.50.2 tcp dpt:80
    3 132 ACCEPT icmp -- * * 10.0.50.0/24 0.0.0.0/0 icmptype 0
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 10.0.50.0/24 icmptype 0
    6 610 ACCEPT icmp -- * * 10.0.50.0/24 0.0.0.0/0 icmptype 3
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 10.0.50.0/24 icmptype 3
    0 0 ACCEPT icmp -- * * 10.0.50.0/24 0.0.0.0/0 icmptype 8
    759 33396 ACCEPT icmp -- * * 0.0.0.0/0 10.0.50.0/24 icmptype 8
    0 0 ACCEPT icmp -- * * 10.0.50.0/24 0.0.0.0/0 icmptype 11
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 10.0.50.0/24 icmptype 11
    0 0 DROP icmp -- * * 10.0.50.0/24 0.0.0.0/0
    0 0 DROP icmp -- * * 0.0.0.0/0 10.0.50.0/24
    59 2360 ACCEPT all -- * * 10.0.50.0/24 10.0.0.0/22 state RELATED,ESTABLISHED
    0 0 DROP all -- * * 10.0.50.0/24 10.0.0.0/22
    1577 97758 ACCEPT all -- * * 10.0.0.0/22 10.0.50.0/24
    0 0 ACCEPT all -- * * 10.0.50.0/24 10.0.20.0/23 state RELATED,ESTABLISHED
    0 0 DROP all -- * * 10.0.50.0/24 10.0.20.0/23
    0 0 ACCEPT all -- * * 10.0.20.0/23 10.0.50.0/24
    0 0 ACCEPT all -- * * 10.0.50.0/24 10.21.0.0/23 state RELATED,ESTABLISHED
    0 0 DROP all -- * * 10.0.50.0/24 10.21.0.0/23
    0 0 ACCEPT all -- * * 10.21.0.0/23 10.0.50.0/24
    0 0 ACCEPT all -- * * 10.0.50.0/24 10.22.0.0/23 state RELATED,ESTABLISHED
    0 0 DROP all -- * * 10.0.50.0/24 10.22.0.0/23
    0 0 ACCEPT all -- * * 10.22.0.0/23 10.0.50.0/24
    0 0 ACCEPT all -- * * 10.0.50.0/24 10.23.0.0/24 state RELATED,ESTABLISHED
    0 0 DROP all -- * * 10.0.50.0/24 10.23.0.0/24
    0 0 ACCEPT all -- * * 10.23.0.0/24 10.0.50.0/24
    0 0 ACCEPT all -- * * 10.0.50.0/24 10.24.0.0/23 state RELATED,ESTABLISHED
    0 0 DROP all -- * * 10.0.50.0/24 10.24.0.0/23
    0 0 ACCEPT all -- * * 10.24.0.0/23 10.0.50.0/24
    0 0 ACCEPT all -- * * 10.0.50.0/24 10.60.0.0/22 state RELATED,ESTABLISHED
    0 0 DROP all -- * * 10.0.50.0/24 10.60.0.0/22
    0 0 ACCEPT all -- * * 10.60.0.0/22 10.0.50.0/24
    0 0 ACCEPT all -- * * 10.0.50.0/24 10.0.10.0/24 state RELATED,ESTABLISHED
    0 0 DROP all -- * * 10.0.50.0/24 10.0.10.0/24
    0 0 ACCEPT all -- * * 10.0.10.0/24 10.0.50.0/24
    0 0 ACCEPT all -- * * 10.0.50.0/24 10.0.30.0/24 state RELATED,ESTABLISHED
    0 0 DROP all -- * * 10.0.50.0/24 10.0.30.0/24
    0 0 ACCEPT all -- * * 10.0.30.0/24 10.0.50.0/24
    114M 178G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    63 3780 ACCEPT all -- eno2.50 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    218K 90M ACCEPT all -- ens6f1 * 0.0.0.0/0 0.0.0.0/0
    15135 1317K ACCEPT all -- ens6f2.20 * 0.0.0.0/0 0.0.0.0/0
    43233 4087K ACCEPT all -- ens6f2.21 * 0.0.0.0/0 0.0.0.0/0
    28044 2404K ACCEPT all -- ens6f2.22 * 0.0.0.0/0 0.0.0.0/0
    23 1340 ACCEPT all -- ens6f2.23 * 0.0.0.0/0 0.0.0.0/0
    107K 11M ACCEPT all -- ens6f2.24 * 0.0.0.0/0 0.0.0.0/0
    63218 5461K ACCEPT all -- ens6f2.60 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- ens6f3.10 * 0.0.0.0/0 0.0.0.0/0
    52568 33M ACCEPT all -- ens6f3.30 * 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_SELF src,dst,dst
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_EGRESS dst
    0 0 DROP all -- * * 0.0.0.0/0 62.112.0.0/16
    0 0 DROP all -- * * 0.0.0.0/0 62.0.0.0/8
    0 0 DROP all -- * * 0.0.0.0/0 80.0.0.0/8
    0 0 DROP all -- * * 0.0.0.0/0 81.0.0.0/8
    0 0 DROP all -- * * 0.0.0.0/0 116.0.0.0/8
    0 0 DROP all -- * * 0.0.0.0/0 163.172.0.0/16
    0 0 DROP all -- * * 0.0.0.0/0 218.0.0.0/8
    368K 62M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
    1013K 3468M ACCEPT all -- * ens6f1 0.0.0.0/0 0.0.0.0/0
    180K 516M ACCEPT all -- * ens6f2.20 0.0.0.0/0 0.0.0.0/0
    1239K 3421M ACCEPT all -- * ens6f2.21 0.0.0.0/0 0.0.0.0/0
    218K 618M ACCEPT all -- * ens6f2.22 0.0.0.0/0 0.0.0.0/0
    303 67989 ACCEPT all -- * ens6f2.23 0.0.0.0/0 0.0.0.0/0
    3283K 14G ACCEPT all -- * ens6f2.24 0.0.0.0/0 0.0.0.0/0
    1015K 2730M ACCEPT all -- * ens6f2.60 0.0.0.0/0 0.0.0.0/0
    182 43134 ACCEPT all -- * ens6f3.10 0.0.0.0/0 0.0.0.0/0
    5069 1578K ACCEPT all -- * ens6f3.30 0.0.0.0/0 0.0.0.0/0
    36335 4613K ACCEPT icmp -- * ens6f0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT udp -- * ens6f0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
    0 0 ACCEPT tcp -- * ens6f0 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
    0 0 ACCEPT udp -- * eno2.50 10.0.50.1 0.0.0.0/0 udp spt:1194
    5 387 ACCEPT udp -- * ens6f0 50.115.255.191 0.0.0.0/0 udp spt:1194
    12 1440 ACCEPT all -- * eno2.50 0.0.0.0/0 0.0.0.0/0
    1952K 145M ACCEPT all -- * ens6f0 0.0.0.0/0 0.0.0.0/0

    Chain DROP-lan (0 references)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
    [root@firewall ~]# iptables -nvL -t nat
    Chain PREROUTING (policy ACCEPT 4570K packets, 1294M bytes)
    pkts bytes target prot opt in out source destination
    0 0 DNAT tcp -- * * 0.0.0.0/0 50.115.255.193 tcp dpt:5060 to:10.0.30.4
    0 0 DNAT tcp -- * * 0.0.0.0/0 50.115.255.195 tcp dpt:5555 to:10.0.30.5
    0 0 DNAT tcp -- * * 0.0.0.0/0 50.115.255.192 tcp dpt:80 to:10.0.50.2
    10 520 ACCEPT tcp -- * * 0.0.0.0/0 10.0.0.1 tcp dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.20.1 tcp dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.21.0.1 tcp dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.22.0.1 tcp dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.23.0.1 tcp dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.24.0.1 tcp dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.60.0.1 tcp dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.10.1 tcp dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.30.1 tcp dpt:80
    21 908 ACCEPT tcp -- * * 0.0.0.0/0 50.115.255.191 tcp dpt:80
    7761 416K REDIRECT tcp -- ens6f1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
    579 37036 REDIRECT tcp -- ens6f2.20 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
    2790 171K REDIRECT tcp -- ens6f2.21 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
    318 18100 REDIRECT tcp -- ens6f2.22 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
    6 360 REDIRECT tcp -- ens6f2.23 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
    1507 89616 REDIRECT tcp -- ens6f2.24 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
    1425 89230 REDIRECT tcp -- ens6f2.60 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
    0 0 REDIRECT tcp -- ens6f3.10 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
    2 120 REDIRECT tcp -- ens6f3.30 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128

    Chain INPUT (policy ACCEPT 457K packets, 67M bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 443K packets, 37M bytes)
    pkts bytes target prot opt in out source destination

    Chain POSTROUTING (policy ACCEPT 207K packets, 20M bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
    1256 87918 SNAT all -- * * 10.0.30.4 0.0.0.0/0 to:50.115.255.193
    0 0 SNAT tcp -- * * 10.0.0.0/22 10.0.30.4 tcp dpt:5060 to:10.0.0.1
    0 0 SNAT tcp -- * * 10.0.20.0/23 10.0.30.4 tcp dpt:5060 to:10.0.20.1
    0 0 SNAT tcp -- * * 10.21.0.0/23 10.0.30.4 tcp dpt:5060 to:10.21.0.1
    0 0 SNAT tcp -- * * 10.22.0.0/23 10.0.30.4 tcp dpt:5060 to:10.22.0.1
    0 0 SNAT tcp -- * * 10.23.0.0/24 10.0.30.4 tcp dpt:5060 to:10.23.0.1
    0 0 SNAT tcp -- * * 10.24.0.0/23 10.0.30.4 tcp dpt:5060 to:10.24.0.1
    0 0 SNAT tcp -- * * 10.60.0.0/22 10.0.30.4 tcp dpt:5060 to:10.60.0.1
    0 0 SNAT tcp -- * * 10.0.10.0/24 10.0.30.4 tcp dpt:5060 to:10.0.10.1
    0 0 SNAT tcp -- * * 10.0.30.0/24 10.0.30.4 tcp dpt:5060 to:10.0.30.1
    0 0 SNAT all -- * * 10.0.30.5 0.0.0.0/0 to:50.115.255.195
    0 0 SNAT tcp -- * * 10.0.0.0/22 10.0.30.5 tcp dpt:5555 to:10.0.0.1
    0 0 SNAT tcp -- * * 10.0.20.0/23 10.0.30.5 tcp dpt:5555 to:10.0.20.1
    0 0 SNAT tcp -- * * 10.21.0.0/23 10.0.30.5 tcp dpt:5555 to:10.21.0.1
    0 0 SNAT tcp -- * * 10.22.0.0/23 10.0.30.5 tcp dpt:5555 to:10.22.0.1
    0 0 SNAT tcp -- * * 10.23.0.0/24 10.0.30.5 tcp dpt:5555 to:10.23.0.1
    0 0 SNAT tcp -- * * 10.24.0.0/23 10.0.30.5 tcp dpt:5555 to:10.24.0.1
    0 0 SNAT tcp -- * * 10.60.0.0/22 10.0.30.5 tcp dpt:5555 to:10.60.0.1
    0 0 SNAT tcp -- * * 10.0.10.0/24 10.0.30.5 tcp dpt:5555 to:10.0.10.1
    0 0 SNAT tcp -- * * 10.0.30.0/24 10.0.30.5 tcp dpt:5555 to:10.0.30.1
    9 540 SNAT all -- * * 10.0.50.2 0.0.0.0/0 to:50.115.255.192
    0 0 SNAT tcp -- * * 10.0.0.0/22 10.0.50.2 tcp dpt:80 to:10.0.0.1
    0 0 SNAT tcp -- * * 10.0.20.0/23 10.0.50.2 tcp dpt:80 to:10.0.20.1
    0 0 SNAT tcp -- * * 10.21.0.0/23 10.0.50.2 tcp dpt:80 to:10.21.0.1
    0 0 SNAT tcp -- * * 10.22.0.0/23 10.0.50.2 tcp dpt:80 to:10.22.0.1
    0 0 SNAT tcp -- * * 10.23.0.0/24 10.0.50.2 tcp dpt:80 to:10.23.0.1
    0 0 SNAT tcp -- * * 10.24.0.0/23 10.0.50.2 tcp dpt:80 to:10.24.0.1
    0 0 SNAT tcp -- * * 10.60.0.0/22 10.0.50.2 tcp dpt:80 to:10.60.0.1
    0 0 SNAT tcp -- * * 10.0.10.0/24 10.0.50.2 tcp dpt:80 to:10.0.10.1
    0 0 SNAT tcp -- * * 10.0.30.0/24 10.0.50.2 tcp dpt:80 to:10.0.30.1
    2 120 ACCEPT all -- * * 10.0.50.0/24 0.0.0.0/0
    479K 59M MASQUERADE all -- * ens6f0 0.0.0.0/0 0.0.0.0/0
    [root@firewall ~]#
    [root@firewall ~]#

    [root@firewall ~]# cat /etc/clearos/network.conf
    # Network mode
    MODE="gateway"

    # Network interface roles
    EXTIF="ens6f0"
    LANIF="ens6f1 ens6f2.20 ens6f2.21 ens6f2.22 ens6f2.23 ens6f2.24 ens6f2.60 ens6f3.10 ens6f3.30"
    DMZIF="eno2.50"
    HOTIF=""

    # Domain and Internet Hostname
    DEFAULT_DOMAIN="crc.lan"
    INTERNET_HOSTNAME="firewall.crc.lan"

    # Extra LANS
    EXTRALANS=""

    # ISP Maximum Speeds
    ENS6F0_MAX_DOWNSTREAM=184970
    ENS6F0_MAX_UPSTREAM=61630
    [root@firewall ~]#
  • Accepted Answer

    Friday, August 09 2019, 02:51 PM - #Permalink
    Resolved
    0 votes
    Should have been "cat /etc/clearos/network.conf"

    Dave suggested a listing both before and after the rule is enabled so he can see the difference.
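The before/after comparison suggested above is noisy if the two `iptables -nvL` listings are diffed directly, because the packet and byte counters change between captures. The script below is an added example, not part of the original thread or of ClearOS: it strips the counters and prints only the rules that differ. The file names and the 203.0.113.x addresses are constructed for illustration; port 22 and 10.0.0.99 are taken from the question.

```shell
#!/bin/sh
# Added example: rule-level diff of two saved `iptables -nvL` listings.
# Capture one table per file, e.g.:
#   iptables -nvL -t nat > nat-before.txt   (rule disabled)
#   iptables -nvL -t nat > nat-after.txt    (rule enabled)

# normalize_listing FILE: keep only what defines the ruleset.
# Strips the counters from "Chain X (policy P n packets, m bytes)" and the
# pkts/bytes columns from each rule, and prefixes rules with their chain.
normalize_listing() {
    awk '
        $1 == "Chain" {
            chain = $2
            policy = ($3 == "(policy") ? $4 : "-"
            print chain ": policy " policy
            next
        }
        $1 == "pkts" || NF == 0 { next }      # column header, blank line
        chain != "" {
            line = chain ":"
            for (i = 3; i <= NF; i++) line = line " " $i
            print line
        }
    ' "$1"
}

# rules_diff BEFORE AFTER: "+ rule" = only in AFTER, "- rule" = only in BEFORE.
rules_diff() {
    tmp=$(mktemp -d) || return 1
    normalize_listing "$1" | LC_ALL=C sort > "$tmp/before"
    normalize_listing "$2" | LC_ALL=C sort > "$tmp/after"
    LC_ALL=C comm -13 "$tmp/before" "$tmp/after" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$tmp/before" "$tmp/after" | sed 's/^/- /'
    rm -rf "$tmp"
}

# Constructed sample (203.0.113.x are documentation addresses, not from the thread).
demo_constructed_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/before" <<'EOF'
Chain PREROUTING (policy ACCEPT 100 packets, 9000 bytes)
 pkts bytes target prot opt in out source destination
    0     0 DNAT tcp -- * * 0.0.0.0/0 203.0.113.9 tcp dpt:80 to:10.0.50.2
EOF
    cat > "$d/after" <<'EOF'
Chain PREROUTING (policy ACCEPT 250 packets, 21000 bytes)
 pkts bytes target prot opt in out source destination
    7   420 DNAT tcp -- * * 0.0.0.0/0 203.0.113.9 tcp dpt:80 to:10.0.50.2
    0     0 DNAT tcp -- * * 0.0.0.0/0 203.0.113.10 tcp dpt:22 to:10.0.0.99
EOF
    rules_diff "$d/before" "$d/after"
    rm -rf "$d"
}
demo_constructed_sample
```

Save the filter table and the nat table to separate files, since both contain chains named INPUT and OUTPUT and the script keys rules by chain name only.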
  • Accepted Answer

    Thursday, August 08 2019, 09:49 PM - #Permalink
    Resolved
    0 votes
    cat: /etc/clearos/network: No such file or directory

    I guess you want me to enable the nat rule before I run these commands?
  • Accepted Answer

    Thursday, August 08 2019, 08:44 PM - #Permalink
    Resolved
    0 votes
    That doesn't sound right. When did it stop working?

    What is the output to:
    iptables -nvL
    iptables -nvL -t nat
    cat /etc/clearos/network
    .... and please put the results between "code" tags.