Hello everyone!

With such nice documentation (pictures and all) I thought that setting up DNAT would be easy, especially after reading the daughter's webserver example.
The problem is that I can't make it work.

This is my set of rules; I want to DNAT http requests to my firewall to the host 192.168.69.200 in my local subnet.

What am I doing wrong?

Tnx
ZL

ACCEPT loc net tcp 53
ACCEPT loc net udp 53
ACCEPT loc net tcp 3128
ACCEPT loc net tcp 80
ACCEPT net loc tcp 80
ACCEPT net fw tcp 80
ACCEPT loc fw tcp 80
ACCEPT loc all tcp 22
ACCEPT loc all tcp 80
ACCEPT loc all tcp 80
ACCEPT loc all tcp 21
DNAT net loc:192.168.69.200 tcp ssh,http - 193.136.195.99
ACCEPT net loc:192.168.69.200 tcp 80

Jose Luis Goncalves (11.2.2003 18:08):
> This is my set of rules; I want to DNAT http requests to my firewall to the
> host 192.168.69.200 in my local subnet.

If 193.136.195.99 is the external IP of your firewall, then:

DNAT net loc:192.168.69.200 tcp 80 - 193.136.195.99

or just:

DNAT net loc:192.168.69.200 tcp 80

or manually by iptables:

/sbin/iptables -t nat -A PREROUTING -p tcp -d 193.136.195.99 --dport 80 -j DNAT --to-destination 192.168.69.200

Juraj

Jose Luis Goncalves wrote:
> Hello everyone!
>
> With such nice documentation (pictures and all) I thought that setting up DNAT would be easy, especially after reading the daughter's webserver example.
> The problem is that I can't make it work.
>
> This is my set of rules; I want to DNAT http requests to my firewall to the host 192.168.69.200 in my local subnet.
>
> What am I doing wrong?
>

Please see FAQ 1b for information about how to debug port forwarding problems.

http://www.shorewall.net/FAQ.htm#faq1b

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Jose Luis Goncalves wrote:
> DNAT net loc:192.168.69.200 tcp ssh,http - 193.136.195.99
> ACCEPT net loc:192.168.69.200 tcp 80
>

One more thing -- the second rule is redundant since Shorewall automatically generates both the nat table DNAT rule and the filter table ACCEPT rule when you specify action=DNAT. If you specify action=DNAT- (note the trailing "-") then only the DNAT rule is generated.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
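
The point made in the last reply (a plain DNAT rule already implies the matching filter-table ACCEPT, while DNAT- does not), as an added example that is not part of the original thread and is not Shorewall code: a small Python check that flags ACCEPT lines in a rules file already covered by a DNAT line. The function names, the service-name map and the sample rules are constructed for illustration, and the column order ACTION SOURCE DEST PROTO PORT is assumed from the rules quoted in the thread.

```python
# Added example (not Shorewall code): find ACCEPT rules implied by a DNAT rule.
# Minimal service-name map, constructed for this example (an assumption).
SERVICES = {"ssh": "22", "http": "80", "ftp": "21", "domain": "53"}


def parse_rule(line):
    """Split one rules line into (action, source, dest, proto, ports)."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 3:
        return None  # blank line, comment, or not a rule
    action, source, dest = fields[:3]
    proto = fields[3].lower() if len(fields) > 3 else "all"
    raw = fields[4] if len(fields) > 4 and fields[4] != "-" else ""
    ports = frozenset(SERVICES.get(p.lower(), p) for p in raw.split(",") if p)
    return action, source, dest, proto, ports


def redundant_accepts(rules_text):
    """Return [(line_no, line)] for ACCEPT rules covered by a plain DNAT rule."""
    parsed = []
    for number, line in enumerate(rules_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule:
            parsed.append((number, line.strip(), rule))
    # Only action DNAT implies the filter ACCEPT; DNAT- (trailing "-") does not.
    dnats = [rule for _, _, rule in parsed if rule[0] == "DNAT"]
    hits = []
    for number, line, (action, src, dest, proto, ports) in parsed:
        if action != "ACCEPT" or not ports:
            continue
        # Same zones, same host, same protocol, and every port already forwarded.
        if any((src, dest, proto) == (d[1], d[2], d[3]) and ports <= d[4]
               for d in dnats):
            hits.append((number, line))
    return hits


# Constructed sample, modelled on the rules quoted in the thread.
SAMPLE = """\
ACCEPT net fw tcp 80
DNAT net loc:192.168.69.200 tcp ssh,http - 193.136.195.99
ACCEPT net loc:192.168.69.200 tcp 80
"""

if __name__ == "__main__":
    for number, line in redundant_accepts(SAMPLE):
        print(f"line {number}: implied by DNAT rule: {line}")
```

A broader rule such as "ACCEPT net loc tcp 80" is not flagged, because it opens port 80 to the whole loc zone rather than only to the forwarded host.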