Hi,

I have 2 internet NICs with different ISPs.

eth0 = isp1
eth3 = isp2

My internal network is eth1

# /etc/interfaces
net eth0 detect routefilter,norfc1918,blacklist
net eth3 detect routefilter,norfc1918,blacklist
loc eth1 detect

# /etc/policy
loc net ACCEPT
net net DROP (*) Faq #32
net all DROP info
# THE FOLLOWING POLICY MUST BE LAST
#
all all REJECT info

# /etc/rules (only the line with dnat problem)
DNAT net:$TS loc:192.168.0.1:3389 tcp 19889

Now, when I try to connect to eth0 ip with terminal server client, I have success, but when I try to connect to eth3 ip, I don't connect.

Why?

What's wrong?

Best regards,
Anderson.
> eth0 = isp1
> eth3 = isp2
>
<snip>
> # /etc/rules (only the line with dnat problem)
> DNAT net:$TS loc:192.168.0.1:3389 tcp 19889
>
> Now, when I try to connect to eth0 ip with terminal server client, I have
> success, but when I try to connect to eth3 ip, I don't connect.
>
> why?
>
> What's wrong?

$TS = what?

It's best if you include all the info requested on the support page.

Jerry
Hi,

$TS is a pool of addresses with permission to access Terminal Service at the internal network.

[]s,
Anderson.

----- Original Message -----
From: "Jerry Vonau" <jvonau@shaw.ca>
To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Thursday, July 07, 2005 11:36 AM
Subject: Re: [Shorewall-users] DNAT with 2 ISP's

>> eth0 = isp1
>> eth3 = isp2
>>
> <snip>
>> # /etc/rules (only the line with dnat problem)
>> DNAT net:$TS loc:192.168.0.1:3389 tcp 19889
>>
>> Now, when I try to connect to eth0 ip with terminal server client, I have
>> success, but when I try to connect to eth3 ip, I don't connect.
>>
>> why?
>>
>> What's wrong?
>
> $TS = what?
>
> It's best if you include all the info requested on the support page.
>
> Jerry
2005/7/7, Anderson Oliveira <anderson@institutopaideia.org>:
> why?
>
> What's wrong?
>

Anderson:

Please submit a proper problem report
http://www.shorewall.net/support.htm#Guidelines

the output of "shorewall status" IS REALLY IMPORTANT ¡¡

and also submit the "providers" file.
Anderson wrote on 07/07/2005 13:27:15:

> Hi,
>
> $TS is a pool of addresses with permission to access Terminal Service at the
> internal network.
>
> []s,
> Anderson.

This is an insecure option, even changing the external port number. I suggest you use some kind of vpn to authenticate your users into your domain/network and only later (when they have a local ip) give access to your terminal service in the internal network.

just my $0.02...

--
Eduardo Ferreira