There were no Shorewall:forward reject/drop in log?
EDIT:
ok if only nat rule is needed, I assume were no drops in log
As I wrote in my post Shorewall is blocking ping but accept rule is created, why?
i (also) have similar problem but with OUTPUT:REJECT: and don’t know if this possible to accept this in GUI (to have rules in one place) because from bash this should work.
I thought I it should work from GUI but it’s not - something is missing in Gui rule creation (just like here) or I’m making something wrong.