Hi i have a small problems with my shorewall: I use DNAT for redirect : DNAT net dmz:192.168.100.11:80 tcp 80 DNAT net dmz:192.168.100.11:443 tcp 443 and now, i want use too NAT (/etc/shorewall/nat): 213.XX.XX.XX eth0: 192.168.100.10 no no my problems are when i want access to 213.XX.XX.XX/192.168.100.10 on tcp 80, i don''t going on 192.168.100.10 but on 192.168.100.11 (DNAT) where is my errors ? thanks jerome ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Phibee Network Operation Center wrote:> Hi > > i have a small problems with my shorewall: > > I use DNAT for redirect : > > DNAT net dmz:192.168.100.11:80 tcp 80 > DNAT net dmz:192.168.100.11:443 tcp 443 > > > and now, i want use too NAT (/etc/shorewall/nat): > 213.XX.XX.XX eth0: 192.168.100.10 no no > > my problems are when i want access to 213.XX.XX.XX/192.168.100.10 on > tcp 80, i don''t going on 192.168.100.10 but on 192.168.100.11 (DNAT) > > where is my errors ?You have not specified an ORIGINAL DEST address in your DNAT rules. Hence, they apply to traffic with ANY original destination address, including the one in your /etc/shorewall/nat entry. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
Tom Eastep a écrit :> Phibee Network Operation Center wrote: >> Hi >> >> i have a small problems with my shorewall: >> >> I use DNAT for redirect : >> >> DNAT net dmz:192.168.100.11:80 tcp 80 >> DNAT net dmz:192.168.100.11:443 tcp 443 >> >> >> and now, i want use too NAT (/etc/shorewall/nat): >> 213.XX.XX.XX eth0: 192.168.100.10 no no >> >> my problems are when i want access to 213.XX.XX.XX/192.168.100.10 on >> tcp 80, i don''t going on 192.168.100.10 but on 192.168.100.11 (DNAT) >> >> where is my errors ? > > You have not specified an ORIGINAL DEST address in your DNAT rules. > Hence, they apply to traffic with ANY original destination address, > including the one in your /etc/shorewall/nat entry. > > -TomThanks ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/