I'm not a subscribed user, so please cc me on any replies
(fier0@bigfoot.com).
I know this has been asked a few times, but I have not been able to find
a direct answer. I was using Shorewall with 2 NICs, and it worked fine,
except if that Linux box went down then nobody could get out to the
internet (and the wife would kick my ass). I've now started to use my
Linksys router to connect to the internet.
Now I'm using the DMZ feature of the Linksys router -- that is, any
traffic it receives it forwards to my Shorewall firewall. I've changed
everything on the Shorewall box to only have 1 interface, and changed all the
rules too. I did add the routeback option to the eth0 interface, and
took out everything else. I want to use the port redirect features of
Shorewall, and that is why I don't want to use the firewall on the
Linksys router.
It does accept traffic, but I'm trying to DNAT web traffic and SSL ports
(among others), and it doesn't seem to work. If I change the rules to
log at info level, I do see it coming in. If I do a netstat on my other Linux
webserver, I see it coming in with the SYN_RECV state, but nothing
after that.
Here's the log entry from my Shorewall machine:
Jan 2 13:34:05 MachineName kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT=
MAC=00:00:00:00:00... SRC=x.x.x.x DST=192.168.0.1 LEN=60 TOS=0x00
PREC=0x00 TTL=46 ID=45682 PROTO=TCP SPT=54945 DPT=80 WINDOW=65535
RES=0x00 SYN URGP=0
MAC and SRC address have been taken out, but were there. The SRC address
actually seems to be the real source address, not my Linksys router.
Here's my rule: DNAT:info net net:192.168.0.3 tcp www - -
I don't have anything set up in the masq, nat or proxyarp files.
Is this something that can be done? What else do I need to add? I have
tried to find any info on this on the mailing list, but nothing really
describes what I'm trying to do.
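An added example, not part of the original message: a small Python parser for the Shorewall/netfilter kernel log line quoted above, which pulls out the chain, the rule disposition and the packet fields so the observations in the mail (empty OUT=, real SRC, DST = the firewall's own address, bare SYN) can be checked mechanically. The sample line is a copy of the poster's entry with the same redactions; field names follow the netfilter LOG target format.

```python
import re

# Constructed copy of the poster's log line (MAC and SRC redacted as in the mail).
SAMPLE = ("Jan 2 13:34:05 MachineName kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= "
          "MAC=00:00:00:00:00... SRC=x.x.x.x DST=192.168.0.1 LEN=60 TOS=0x00 "
          "PREC=0x00 TTL=46 ID=45682 PROTO=TCP SPT=54945 DPT=80 WINDOW=65535 "
          "RES=0x00 SYN URGP=0")

# Shorewall log prefix: "Shorewall:<chain>:<disposition>:" followed by netfilter fields.
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)$")


def parse_shorewall_log(line):
    """Return a dict of chain, disposition, key=value fields and bare TCP flag tokens."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "disposition": m.group("disp"), "flags": []}
    for tok in m.group("rest").split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            rec[key] = val                  # an empty value (e.g. "OUT=") is kept as ""
        else:
            rec["flags"].append(tok)        # bare tokens are TCP flags: SYN, ACK, ...
    return rec


def summarize(rec):
    """Distil the fields a defender checks first when a DNAT rule logs a packet."""
    return {
        "chain": rec["chain"],
        "rule": rec["disposition"],
        "in_iface": rec.get("IN", ""),
        # DNAT rules are applied in PREROUTING, so the log shows no OUT interface yet.
        "prerouting": rec.get("OUT", "") == "",
        "src": rec.get("SRC"),
        "dst": rec.get("DST"),
        "proto": rec.get("PROTO"),
        "dport": int(rec["DPT"]) if "DPT" in rec else None,
        # A lone SYN is the first packet of a connection: the handshake is being logged.
        "syn_only": rec["flags"] == ["SYN"],
    }


if __name__ == "__main__":
    print(summarize(parse_shorewall_log(SAMPLE)))
```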