Hi,

I have the following setup:

- Shorewall box with two NICs (one Internet and one local).
- Shorewall box local IP is 192.168.1.254
- Web server at one of the local PCs (192.168.1.100), setup is (rules):
    DNAT net loc:192.168.1.100 tcp http
- Web server at Shorewall box (fw)

The local PC web server works fine; what I'm trying to do is, when someone hits http://www.mydomain.com:8000, it will be forwarded (redirected) to the Shorewall box's web server.

So far I tried (with no luck):

DNAT net loc:192.168.1.254:80 tcp 8000
DNAT net fw:192.168.1.254:80 tcp 8000

Any help is highly appreciated.

Regards.
On Tuesday 25 October 2005 10:39, Samy Antoun wrote:
>
> The local PC web server works fine, what I'm trying to do is when
> someone hit http://www.mydomain.com:8000, it will be forwarded
> (redirected) to shorewall box's Web Server.
>
> So far I tried (with no luck):
> DNAT net loc:192.168.1.254:80 tcp 8000
> DNAT net fw:192.168.1.254:80 tcp 8000
>

Your second rule is the correct one. Can you access the Webserver on your firewall from the local network (using the 192.168.1.254 address)?

One final comment -- running an internet-accessible web server on your firewall isn't something I would recommend (in fact, running any internet-accessible server on your firewall is very risky).

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key  \ https://lists.shorewall.net/teastep.pgp.key
--- Tom Eastep <teastep@shorewall.net> wrote:
> Your second rule is the correct one. Can you access the Webserver on
> your firewall from the local network (using the 192.168.1.254 address)?

Yes

> One final comment -- running an internet-accessible web server on
> your firewall isn't something I would recommend (In fact, running any
> internet-accessible server on your firewall is very risky).

I agree, but I'm stuck with this setup: Asterisk at Home (Asterisk PBX with extras) with Shorewall on the same box acting as a router, gateway and firewall. I need to expose the Asterisk to the Internet due to some NAT issues with RTP.
On Tuesday 25 October 2005 11:03, Samy Antoun wrote:
> --- Tom Eastep <teastep@shorewall.net> wrote:
> > Your second rule is the correct one. Can you access the Webserver on
> > your firewall from the local network (using the 192.168.1.254 address)?
>
> Yes
>

Then you need to apply the DNAT debugging tips in Shorewall FAQs 1a and 1b. Not all of the tips will apply because you are running the server on the firewall.

-Tom
On Tuesday 25 October 2005 11:08, Tom Eastep wrote:
> On Tuesday 25 October 2005 11:03, Samy Antoun wrote:
> > --- Tom Eastep <teastep@shorewall.net> wrote:
> > > Your second rule is the correct one. Can you access the Webserver on
> > > your firewall from the local network (using the 192.168.1.254 address)?
> >
> > Yes
>
> Then you need to apply the DNAT debugging tips in Shorewall FAQs 1a and 1b.
> Not all of the tips will apply because you are running the server on the
> firewall.

FWIW, it works for me -- see http://gateway.shorewall.net:8000 which I will leave up for a short time.

Rule:

DNAT net fw:192.168.1.254:80 tcp 8000

-Tom
--- Tom Eastep <teastep@shorewall.net> wrote:
> Then you need to apply the DNAT debugging tips in Shorewall FAQs 1a and 1b.
> Not all of the tips will apply because you are running the server on the
> firewall.

Tom, it works!!! Thank you for your help.

Regards.
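A small audit over the rules discussed in this thread, added here as an example (it is not from the thread or from the Shorewall project). It flags a DNAT whose target address is the firewall's own but whose destination zone is not the firewall zone, as in the first attempted rule, and reports a DNAT that opens a firewall-hosted service to the whole net zone, the case Tom cautions about. The function names are hypothetical, and the firewall zone name fw and the address 192.168.1.254 are taken from the thread.

```python
# Added example: audit Shorewall rules-file lines for DNAT targets on the firewall.
FW_ZONES = {"fw", "$FW"}        # assumption: firewall zone is named fw (or written $FW)
FW_ADDRS = {"192.168.1.254"}    # the firewall's own local address, from the thread

# Constructed sample: the three rules quoted in the thread.
SAMPLE_RULES = """\
# ACTION  SOURCE  DEST                  PROTO  DEST PORT
DNAT      net     loc:192.168.1.100     tcp    http
DNAT      net     loc:192.168.1.254:80  tcp    8000
DNAT      net     fw:192.168.1.254:80   tcp    8000
"""


def parse_dnat(line):
    """Return a dict describing a DNAT rule, or None for any other line."""
    cols = line.split("#", 1)[0].split()          # drop comments, split columns
    if len(cols) < 5 or cols[0].split(":")[0] != "DNAT":
        return None                               # also accepts DNAT:<loglevel>
    source, dest, proto, ext_port = cols[1:5]
    zone, _, rest = dest.partition(":")           # DEST is zone:address[:port]
    addr, _, port = rest.partition(":")
    return {"source": source, "zone": zone, "addr": addr,
            "port": port or ext_port, "proto": proto, "ext_port": ext_port}


def audit(rules_text, fw_zones=FW_ZONES, fw_addrs=FW_ADDRS):
    """Return (line_number, code, message) findings for DNAT rules."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        rule = parse_dnat(line)
        if rule is None:
            continue
        target = f"{rule['addr']}:{rule['port']}/{rule['proto']}"
        if rule["addr"] in fw_addrs and rule["zone"] not in fw_zones:
            findings.append((lineno, "wrong-zone",
                f"{target} is the firewall itself but the rule names zone "
                f"'{rule['zone']}'; the destination zone should be the firewall zone"))
        elif rule["zone"] in fw_zones and rule["source"] == "net":
            findings.append((lineno, "fw-exposed",
                f"port {rule['ext_port']} from all of net reaches {target} on the "
                "firewall; restrict SOURCE or move the service behind it"))
    return findings


if __name__ == "__main__":
    for lineno, code, message in audit(SAMPLE_RULES):
        print(f"line {lineno}: {code}: {message}")
```
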