[Security Firewall] DNAT Problem

[Nigel Ayen]

I have a MySQL server on my LAN that I need to access from the Internet.
I setup a DNAT rule WAN-->LAN:192.168.0.134 for mysql (port 3306). It
does not work. I know that the MySQL server is accepting connections
because I can connect to it from any PC on my LAN. Is there anything
else I need to setup to get this to work from the WAN zone (Internet)?

-Nigel

/etc/shorewall/zones:lan        LAN     local_area_network
/etc/shorewall/zones:dmz        DMZ     demilitarized_zone
/etc/shorewall/zones:wan        NET     internet
/etc/shorewall/zones:wifi       WIFI    wireless
/etc/shorewall/interfaces:lan   eth0    detect
/etc/shorewall/interfaces:wan   eth1    detect
/etc/shorewall/masq:eth1:0.0.0.0/0      192.168.0.0/24
/etc/shorewall/policy:lan       all     REJECT  info
/etc/shorewall/policy:dmz       all     REJECT  info
/etc/shorewall/policy:fw        all     REJECT  info
/etc/shorewall/policy:wan       all     DROP    info
/etc/shorewall/policy:wifi      all     REJECT  info
/etc/shorewall/policy:all       all     REJECT  info
/etc/shorewall/rules:ACCEPT     fw      wan     tcp     53      -
-               # dns_queries
/etc/shorewall/rules:ACCEPT     fw      wan     udp     53      -
-               # dns_queries
/etc/shorewall/rules:ACCEPT     dmz     wan     udp     53      -
-               # dns_queries
/etc/shorewall/rules:ACCEPT     lan     wan     udp     53      -
-               # dns_queries
/etc/shorewall/rules:ACCEPT     wifi    wan     udp     53      -
-               # dns_queries
/etc/shorewall/rules:REJECT     wan     fw      tcp     113     -
-               # ident_port
/etc/shorewall/rules:ACCEPT     lan     fw      tcp     22      -
-               # ssh_port
/etc/shorewall/rules:ACCEPT     wan     fw      tcp     8443    -
-               # mnf_web_admin_port
/etc/shorewall/rules:ACCEPT     lan     fw      tcp     8443    -
-               # mnf_web_admin_port
/etc/shorewall/rules:ACCEPT     fw      wan     icmp    8       -
-               # ping
/etc/shorewall/rules:ACCEPT     fw      lan     icmp    8       -
-               # ping
/etc/shorewall/rules:ACCEPT     lan     fw      icmp    8       -
-               # ping
/etc/shorewall/rules:ACCEPT     lan     dmz     icmp    8       -
-               # ping
/etc/shorewall/rules:ACCEPT     dmz     lan     icmp    8       -
-               # ping
/etc/shorewall/rules:ACCEPT     dmz     fw      icmp    8       -
-               # ping
/etc/shorewall/rules:ACCEPT     fw      dmz     icmp    8       -
-               # ping
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     pop3    -
-               # receive_mail
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     smtp    -
-               # send_mail
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     http    -
-               # web_surfing
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     https   -
-               # secure_web_surfing
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     ssh     -
-               # ssh
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     ftp     -
-               # ftp
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     nntp    -
-               # news
/etc/shorewall/rules:ACCEPT     fw      wan     udp     ntp     -
-               # time_synchronisation
/etc/shorewall/rules:ACCEPT     lan     wan     tcp     imap    -
-               # internet_mail
/etc/shorewall/rules:ACCEPT     wan     fw      tcp     ssh     -
-               # WAN_2_FW_SSH
/etc/shorewall/rules:DNAT       wan     lan:192.168.0.134       tcp
mysql   -       -               # MySQL_Server

____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________