Guys,
I have a basic shorewall setup ( two interface , eth0
- internet(dynamic ip), eth1 - lan ( 192.168.0.x) )
that is running fine. Internet browsing and Emailing
is all ok from all the clients are ok.
i now want to do port forwarding whereby, i want
anyone connecting to our firewall on port 85 to be
forwarded to an internal machine with ip 192.168.0.5
on port 85.
i wrote this line in the /etc/shorewall/rules file (
testing from outside ) and its not working.
# allow port forwarding to sohoserver - 192.168.0.5:85
#from the net
DNAT net loc:192.168.0.5:85 tcp 85
Is the issue here becos i have a dynamic ip for my
internet interface?
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It''s the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
Sander Bontje
2007-Dec-17 11:53 UTC
Re: Port forwarding - dynamic ip on outside interface?
># allow port forwarding to sohoserver - 192.168.0.5:85 >#from the net >DNAT net loc:192.168.0.5:85 tcp 85Try the following: DNAT net loc:192.168.0.5 tcp 85 Or, to improve debug your problem use this and keep an eye on your log: DNAT:info net loc:192.168.0.5 tcp 85 Greetings, Sander ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
Linux Advocate wrote:> Guys, > > I have a basic shorewall setup ( two interface , eth0 > - internet(dynamic ip), eth1 - lan ( 192.168.0.x) ) > that is running fine. Internet browsing and Emailing > is all ok from all the clients are ok. > > i now want to do port forwarding whereby, i want > anyone connecting to our firewall on port 85 to be > forwarded to an internal machine with ip 192.168.0.5 > on port 85. > > i wrote this line in the /etc/shorewall/rules file ( > testing from outside ) and its not working. > > # allow port forwarding to sohoserver - 192.168.0.5:85 > #from the net > DNAT net loc:192.168.0.5:85 tcp 85 > > > Is the issue here becos i have a dynamic ip for my > internet interface?No. See Shorewall FAQs 1a and 1b for port forwarding troubleshooting tips. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
Linux Advocate
2007-Dec-17 16:03 UTC
Re: Port forwarding - dynamic ip on outside interface?
Sander,> > Try the following: > DNAT net loc:192.168.0.5 tcp 85 > > Or, to improve debug your problem use this and keep > an eye on your log: > DNAT:info net loc:192.168.0.5 tcp 85ok , i will check out syslog. thanx. i will report when this is solved. ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
Linux Advocate
2007-Dec-17 18:01 UTC
Re: Port forwarding - dynamic ip on outside interface ?
> > > > i wrote this line in the /etc/shorewall/rules file > ( > > testing from outside ) and its not working. > > > > # allow port forwarding to sohoserver - > 192.168.0.5:85 > > #from the net > > DNAT net loc:192.168.0.5:85 tcp 85 > > > > > > Is the issue here becos i have a dynamic ip for my > > internet interface? > > No. See Shorewall FAQs 1a and 1b for port forwarding > troubleshooting tips. > > -Tom >ok, faq-1a and 1b will be scoured and then i will get back to u guys.... ____________________________________________________________________________________ Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
Linux Advocate
2007-Dec-18 06:15 UTC
Re: Port forwarding - dynamic ip on outside interface ?
problem solved. it was because the gateway was not set properly as mentioned in faq 1a. i had not checked that becos i simply assumed that it was setup correctly, i had forgotten that i made some changes some time back. thanx tom - port forwarding working fine. --- Linux Advocate <linuxhousedn@yahoo.com> wrote:> > > > > > > i wrote this line in the /etc/shorewall/rules > file > > ( > > > testing from outside ) and its not working. > > > > > > # allow port forwarding to sohoserver - > > 192.168.0.5:85 > > > #from the net > > > DNAT net loc:192.168.0.5:85 tcp 85 > > > > > > > > > Is the issue here becos i have a dynamic ip for > my > > > internet interface? > > > > No. See Shorewall FAQs 1a and 1b for port > forwarding > > troubleshooting tips. > > > > -Tom > > > > > ok, faq-1a and 1b will be scoured and then i will > get > back to u guys.... > > > >____________________________________________________________________________________> Looking for last minute shopping deals? > Find them fast with Yahoo! Search. >http://tools.search.yahoo.com/newsearch/category.php?category=shopping> >-------------------------------------------------------------------------> SF.Net email is sponsored by: > Check out the new SourceForge.net Marketplace. > It''s the best place to buy or sell services > for just about anything Open Source. >http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace> _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/shorewall-users>____________________________________________________________________________________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace