Hi,

I have an IMAPS server which is behind a firewall and accessible from
outside by a simple DNAT rule:

DNAT net loc:192.168.201.X:993 tcp NNNNN

NNNNN is a non-standard port.
I am having trouble configuring shorewall to allow the same access from
inside. Even after thorough reading of the DNAT documentation I am still
puzzled.
I tried:

DNAT loc loc:192.168.201.X:993 tcp NNNNN - 192.168.201.Y

in the rules file where 192.168.201.X is the local IMAPS server and
192.168.201.Y is the firewall internal address.
I even tried to add:

eth0:192.168.201.X eth0 192.168.201.Y tcp NNNNN

in the masq file (eth0 is the internal interface on the firewall), but the
connection always times out. As I can see shorewall is not blocking
anything, but packets are lost somewhere.
Is there any way to achieve this?

Thanks,
Dragan

On 09/28/2012 11:37 AM, Dragan Jurkovic wrote:
> Hi,
>
> I have an IMAPS server which is behind a firewall and accessible from
> outside by a simple DNAT rule:
>
> DNAT net loc:192.168.201.X:993 tcp NNNNN
>
> NNNNN is a non-standard port.
> I am having trouble configuring shorewall to allow the same access from
> inside. Even after thorough reading of the DNAT documentation I am still
> puzzled.
> I tried:
>
> DNAT loc loc:192.168.201.X:993 tcp NNNNN - 192.168.201.Y
>
> in the rules file where 192.168.201.X is the local IMAPS server and
> 192.168.201.Y is the firewall internal address.
> I even tried to add:
>
> eth0:192.168.201.X eth0 192.168.201.Y tcp NNNNN
>
> in the masq file (eth0 is the internal interface on the firewall), but the
> connection always times out. As I can see shorewall is not blocking
> anything, but packets are lost somewhere.
> Is there any way to achieve this?

This is Shorewall FAQ 2.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On Fri, Sep 28, 2012 at 2:50 PM, Tom Eastep <teastep@shorewall.net> wrote:
> On 09/28/2012 11:37 AM, Dragan Jurkovic wrote:
>> Hi,
>>
>> I have an IMAPS server which is behind a firewall and accessible from
>> outside by a simple DNAT rule:
>>
>> DNAT net loc:192.168.201.X:993 tcp NNNNN
>>
>> NNNNN is a non-standard port.
>> I am having trouble configuring shorewall to allow the same access from
>> inside. Even after thorough reading of the DNAT documentation I am still
>> puzzled.
>> I tried:
>>
>> DNAT loc loc:192.168.201.X:993 tcp NNNNN - 192.168.201.Y
>>
>> in the rules file where 192.168.201.X is the local IMAPS server and
>> 192.168.201.Y is the firewall internal address.
>> I even tried to add:
>>
>> eth0:192.168.201.X eth0 192.168.201.Y tcp NNNNN
>>
>> in the masq file (eth0 is the internal interface on the firewall), but the
>> connection always times out. As I can see shorewall is not blocking
>> anything, but packets are lost somewhere.
>> Is there any way to achieve this?
>
> This is Shorewall FAQ 2.

Thanks Tom - I did read FAQ 2 and followed it to the letter, but have
no success.

On 09/28/2012 11:59 AM, Dragan Jurkovic wrote:
> On Fri, Sep 28, 2012 at 2:50 PM, Tom Eastep <teastep@shorewall.net> wrote:
>> On 09/28/2012 11:37 AM, Dragan Jurkovic wrote:
>>> Hi,
>>>
>>> I have an IMAPS server which is behind a firewall and accessible from
>>> outside by a simple DNAT rule:
>>>
>>> DNAT net loc:192.168.201.X:993 tcp NNNNN
>>>
>>> NNNNN is a non-standard port.
>>> I am having trouble configuring shorewall to allow the same access from
>>> inside. Even after thorough reading of the DNAT documentation I am still
>>> puzzled.
>>> I tried:
>>>
>>> DNAT loc loc:192.168.201.X:993 tcp NNNNN - 192.168.201.Y
>>>
>>> in the rules file where 192.168.201.X is the local IMAPS server and
>>> 192.168.201.Y is the firewall internal address.
>>> I even tried to add:
>>>
>>> eth0:192.168.201.X eth0 192.168.201.Y tcp NNNNN
>>>
>>> in the masq file (eth0 is the internal interface on the firewall), but the
>>> connection always times out. As I can see shorewall is not blocking
>>> anything, but packets are lost somewhere.
>>> Is there any way to achieve this?
>> This is Shorewall FAQ 2.
> Thanks Tom - I did read FAQ 2 and followed it to the letter, but have
> no success.

If I am reading your routing correctly the local machines trying to get
to the imap server would not be traversing through the firewall since it
is on the same network. You would need to configure the local machines
to connect to the imap server on the nonstandard port.
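
The timeout discussed in this thread, traced in a small model (an added example, not written by any poster and not Shorewall code). It follows one LAN client connection through the standard netfilter order, DNAT in PREROUTING and then SNAT in POSTROUTING, and shows where the reply goes. The addresses and port 10993 are constructed stand-ins for the thread's X, Y and NNNNN, and the function names are hypothetical.

```python
# Constructed stand-ins for the thread's elided values (X, Y, NNNNN).
SERVER, FIREWALL, CLIENT = "192.168.201.10", "192.168.201.1", "192.168.201.50"
EXT_PORT, IMAPS = 10993, 993


def hairpin(snat_dport=None):
    """Trace one LAN client SYN through the firewall and the server's reply.

    snat_dport: destination port the POSTROUTING SNAT rule matches on,
    or None for no SNAT rule. Returns (accepted_by_client, reply_path).
    """
    # Client connects to the firewall's internal address on the forwarded port.
    src, sport, dst, dport = CLIENT, 40000, FIREWALL, EXT_PORT
    expected_peer = (dst, dport)  # the only peer the client's socket accepts

    # PREROUTING: DNAT rewrites the destination before routing.
    nat = {}
    if (dst, dport) == (FIREWALL, EXT_PORT):
        nat["dnat"] = (dst, dport)
        dst, dport = SERVER, IMAPS

    # POSTROUTING: SNAT sees the packet after DNAT, so dport is already 993.
    if snat_dport is not None and dst == SERVER and dport == snat_dport:
        nat["snat"] = (src, sport)
        src = FIREWALL

    # The server answers whatever source address it saw.
    r_src, r_sport, r_dst, r_dport = dst, dport, src, sport
    if r_dst == FIREWALL:
        # Reply returns to the firewall; conntrack reverses both translations.
        r_dst, r_dport = nat["snat"]
        r_src, r_sport = nat["dnat"]
        path = "server -> firewall -> client"
    else:
        # Same subnet: the server delivers straight to the client, un-NATed.
        path = "server -> client (bypasses firewall)"
    return (r_src, r_sport) == expected_peer, path


def compare():
    cases = [("dnat only", None), ("snat on NNNNN", EXT_PORT), ("snat on 993", IMAPS)]
    return {label: hairpin(port) for label, port in cases}


if __name__ == "__main__":
    for label, (ok, path) in compare().items():
        print(f"{label:14} accepted={ok}  reply: {path}")
```

In this model the reply is accepted only when the SNAT rule matches the post-DNAT port 993; without SNAT, or with SNAT keyed on the pre-DNAT port, the server answers the client directly from an address and port the client never contacted.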