Access single server/port on lan

I am having problems allowing access to a single server/port situated on lan.

I have the standard 3 zones (lan, wan & dmz), and I can forward requests from wan/lan to servers on dmz; that part seems to work.

I also have a single server (a git repo, accessible through ssh on a non-standard port) on lan which should be accessible from both dmz and wan (ssh is already key-only and will be converted to git-shell as soon as this works).

I tried several things, current status is:

firewall.@redirect[2]=redirect
firewall.@redirect[2].dest='lan'
firewall.@redirect[2].target='DNAT'
firewall.@redirect[2].name='git'
firewall.@redirect[2].src='wan'
firewall.@redirect[2].src_dport='17022'
firewall.@redirect[2].dest_ip='192.168.7.90'
firewall.@redirect[2].dest_port='17022'
...
firewall.@rule[9]=rule
firewall.@rule[9].name='Allow-GIT-from-DMZ'
firewall.@rule[9].src='dmz'
firewall.@rule[9].dest='lan'
firewall.@rule[9].dest_ip='192.168.7.90'
firewall.@rule[9].dest_port='17022'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].src_ip='192.168.9.110'

192.168.7.90:17022 is the git server on lan, and 192.168.9.110 is the web server on dmz which also needs access to git.

Nothing seems to work, and `tail -f /proc/net/nf_conntrack | grep 17022` shows absolutely nothing.

I've been reading wiki pages for a few days, but I haven't found how to solve the problem.

Please help.

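As an added example, not part of the original post or of OpenWrt itself, here is a small off-box Python checker for the two things the post is juggling: it parses `uci show firewall` output (the redirect and rule from the post are embedded as a constructed sample) and flags a DNAT redirect or zone rule that lacks the options it needs or names a host outside its zone, and it parses `/proc/net/nf_conntrack` lines (constructed, with assumed public addresses) to pick out flows whose reply tuple proves the DNAT to port 17022 actually happened. The lan/dmz subnets are assumptions derived from the two hosts in the post; the conntrack line layout is the kernel's `nf_conntrack` text format (original tuple, then reply tuple).

```python
"""Static check of OpenWrt firewall UCI sections plus a conntrack DNAT check.

Added example, not from the original post. Assumed: lan is 192.168.7.0/24,
dmz is 192.168.9.0/24, and the public addresses in the conntrack sample.
"""
import ipaddress
import re

# Constructed sample: the redirect and rule from the post, in `uci show` form.
UCI_SHOW = """\
firewall.@redirect[2]=redirect
firewall.@redirect[2].dest='lan'
firewall.@redirect[2].target='DNAT'
firewall.@redirect[2].name='git'
firewall.@redirect[2].src='wan'
firewall.@redirect[2].src_dport='17022'
firewall.@redirect[2].dest_ip='192.168.7.90'
firewall.@redirect[2].dest_port='17022'
firewall.@rule[9]=rule
firewall.@rule[9].name='Allow-GIT-from-DMZ'
firewall.@rule[9].src='dmz'
firewall.@rule[9].dest='lan'
firewall.@rule[9].dest_ip='192.168.7.90'
firewall.@rule[9].dest_port='17022'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].src_ip='192.168.9.110'
"""

# Assumed zone subnets (the post only names one host in each zone).
ZONE_NETS = {
    "lan": ipaddress.ip_network("192.168.7.0/24"),
    "dmz": ipaddress.ip_network("192.168.9.0/24"),
}

_LINE = re.compile(r"^firewall\.(?P<sec>[^.=]+)(?:\.(?P<opt>[^=]+))?=(?P<val>.*)$")


def parse_uci_show(text):
    """Turn `uci show firewall` output into {section: {option: value}}.

    The section type (redirect, rule, ...) is stored under the key '.type'.
    """
    sections = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # skips the '...' separator and anything not in uci form
        sec, opt, val = m.group("sec"), m.group("opt"), m.group("val").strip("'")
        entry = sections.setdefault(sec, {})
        if opt is None:
            entry[".type"] = val
        else:
            entry[opt] = val
    return sections


def lint_section(sec):
    """Return the problems a DNAT redirect or zone-to-zone rule would need fixed."""
    problems = []
    kind = sec.get(".type")
    if kind == "redirect":
        if sec.get("target") != "DNAT":
            problems.append("redirect target must be DNAT for inbound port forwarding")
        for opt in ("src", "src_dport", "dest_ip"):
            if opt not in sec:
                problems.append(f"redirect is missing '{opt}'")
        # dest_port is optional: when omitted the destination port is not rewritten.
    elif kind == "rule":
        for opt in ("src", "dest", "target"):
            if opt not in sec:
                problems.append(f"rule is missing '{opt}'")
    # For either type: a host named in the section must sit in the zone it claims.
    for ip_opt, zone_opt in (("dest_ip", "dest"), ("src_ip", "src")):
        ip, zone = sec.get(ip_opt), sec.get(zone_opt)
        if ip and zone in ZONE_NETS and ipaddress.ip_address(ip) not in ZONE_NETS[zone]:
            problems.append(f"{ip_opt} {ip} is not in the {zone} subnet {ZONE_NETS[zone]}")
    return problems


def lint(text):
    """Lint every section in `uci show firewall` output: {section: [problems]}."""
    return {name: lint_section(sec) for name, sec in parse_uci_show(text).items()}


# Constructed /proc/net/nf_conntrack lines: one DNATed ssh session that reached
# the git server and one unrelated outbound https flow. Addresses are assumed.
CONNTRACK = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=203.0.113.5 dst=198.51.100.1 sport=51234 dport=17022 src=192.168.7.90 dst=203.0.113.5 sport=17022 dport=51234 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 120 TIME_WAIT src=192.168.7.20 dst=93.184.216.34 sport=40000 dport=443 src=93.184.216.34 dst=198.51.100.1 sport=443 dport=40000 [ASSURED] mark=0 zone=0 use=2
"""

_KV = re.compile(r"(\w+)=(\S+)")


def dnat_flows(text, port):
    """Return flows whose reply tuple shows a DNAT to `port` on an internal host.

    Each conntrack line carries the original tuple (first src=/dst=/sport=/dport=)
    and the reply tuple (second set). After DNAT the reply src is the internal
    host, which differs from the address the client originally sent to.
    """
    flows = []
    for line in text.splitlines():
        vals = {}
        for key, value in _KV.findall(line):
            vals.setdefault(key, []).append(value)  # keys repeat: original, reply
        if len(vals.get("dst", [])) < 2 or len(vals.get("sport", [])) < 2:
            continue
        orig_dst, reply_src = vals["dst"][0], vals["src"][1]
        if vals["sport"][1] == str(port) and orig_dst != reply_src:
            flows.append({"client": vals["src"][0], "hit": orig_dst, "forwarded_to": reply_src})
    return flows


if __name__ == "__main__":
    for name, problems in lint(UCI_SHOW).items():
        print(name, "OK" if not problems else problems)
    print(dnat_flows(CONNTRACK, 17022))
```

Run it off the router (OpenWrt images usually have no Python) after pasting in your own `uci show firewall` and `cat /proc/net/nf_conntrack` output. A conntrack entry is only confirmed into that table once a flow's first packet has been accepted through the router, so an empty grep on its own does not say whether the packets never reached the wan interface or were dropped; the per-rule packet counters (`iptables -t nat -L -v -n` on fw3, `nft list ruleset` on fw4) are what separate those two cases.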