Shorewall users - Aug 2004 - DNAT problem

Hello,

    I have a problem. I have a webserver/firewall/internet gateway machine with
shorewall. The local network is masquerated.
I am trying to get all packets coming from the internal network with the
destination 133.211.9.10 on ports 80 and 110 (my external interface) to be
redirected to the internal interface (192.168.9.2). My local network is
192.168.1.0/24.

Thank you

/etc/shorewall/rules

You have two o three interfaces ?

with two interfaces:

DNAT            net:133.211.9.10 loc:192.168.9.2 tcp http,smtp - 133.211.9.10

I home will be helpfull.
Alberto.
http://www.starosta.org



At 15.10 06/08/2004, you wrote:
>Hello,
>
>     I have a problem. I have a webserver/firewall/internet gateway 
> machine with shorewall. The local network is masquerated.
>I am trying to get all packets coming from the internal network with the 
>destination 133.211.9.10 on ports 80 and 110 (my external interface) to be 
>redirected to the internal interface (192.168.9.2). My local network is 
>192.168.1.0/24.
>
>Thank you
>_______________________________________________
>Shorewall-users mailing list
>Post: Shorewall-users@lists.shorewall.net
>Subscribe/Unsubscribe: 
>https://lists.shorewall.net/mailman/listinfo/shorewall-users
>Support: http://www.shorewall.net/support.htm
>FAQ: http://www.shorewall.net/FAQ.htm

Tried it, but no luck! Let me explain my problem better
My local network has 2 servers: a file server, which works also as a VPN
server with 3 interfaces
    - 211.11.13.140 ---> for the vpn tunnel
    - 192.168.1.1     ---> for the local network
    - 192.168.9.1    ----> connects to the webserver/internet gateway/mail
server
 The second server works as a webserver/internet gateway/mail server with 2
interfaces
    - 192.168.9.2    -----> connects  to the file server
    - 133.211.9.10   -----> external ip

my /shorewall/interfaces lok like this:

net   eth1  detect
masq  eth0  192.168.9.0 routeback

and my /shorewall/masq

eth1  192.168.1.0/255.255.255.0  133.211.9.10

the problem is that i cannot acces 133.211.9.10 (www.mydomain.com) from the
internal network,
i get martian source messages. Of course, if i turn off the rp_filter
option, is OK, but I don''t want to do this.
So all I want is that ALL packets from 192.168.1.0 destined for the
133.211.9.10 to be redirected to
192.168.9.2.


                            Thank you.


----- Original Message ----- 
From: "Devel (Alberto)" <devel@starosta.org>
To: "Mailing List for Shorewall Users"
<shorewall-users@lists.shorewall.net>
Sent: Friday, August 06, 2004 4:57 PM
Subject: Re: [Shorewall-users] DNAT problem

>
> /etc/shorewall/rules
>
> You have two o three interfaces ?
>
> with two interfaces:
>
> DNAT            net:133.211.9.10 loc:192.168.9.2 tcp http,smtp -
133.211.9.10
>
> I home will be helpfull.
> Alberto.
> http://www.starosta.org
>
>
>
> At 15.10 06/08/2004, you wrote:
> >Hello,
> >
> >     I have a problem. I have a webserver/firewall/internet gateway
> > machine with shorewall. The local network is masquerated.
> >I am trying to get all packets coming from the internal network with
the
> >destination 133.211.9.10 on ports 80 and 110 (my external interface) to
be
> >redirected to the internal interface (192.168.9.2). My local network is
> >192.168.1.0/24.
> >
> >Thank you
> >_______________________________________________
> >Shorewall-users mailing list
> >Post: Shorewall-users@lists.shorewall.net
> >Subscribe/Unsubscribe:
> >https://lists.shorewall.net/mailman/listinfo/shorewall-users
> >Support: http://www.shorewall.net/support.htm
> >FAQ: http://www.shorewall.net/FAQ.htm
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
>