thr3ads.net - Shorewall users - [Shorewall-users] Port Forwarding to another network [Apr 2002]

If this information is useful, please help other people find it:
Share via:

Renato Tirol

2002-Apr-22 01:20 UTC

[Shorewall-users] Port Forwarding to another network

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C1E99B.E241FAC0
Content-Type: text/plain;
	charset="iso-8859-1"

Hi Everyone,

Good day!
I really need your help.  I am trying to portforward (say port 80)to another
network attached to our local network.
I used the two-interfaced template. It seems that the packets just got lost
somewhere.

Below is the diagram of the network.
+-----------+     +----+     +--------------+
| ISP''s Rtr +-----+ FW +-----+ LAN A        |
+-----------+     +----+     |192.168.1.0/24| 
                             +------+-------+
                                    |
                                    |
                             +------+------+
                             | Router A    |
                             | 192.168.1.1 |
				     +------+------+       
                                    |
                                    | T1 leased line

                                    |
                             +-------------+
                             | Router B    |
      			     | 192.168.2.1 |
                             +------+------+
                                    |
                                    |
                             +------+-------+
                             | LAN B        |
                             |192.168.2.0/24|
                             +------+-------+
                                    |
                             +-------------+
                             |   Server    |
                             | 192.168.2.4 |
                             +-------------+

This one is taken from the rules (real ips are substituted):
ACCEPT          net       loc:$SERVER1  tcp     $LOC_TCP_PORTS1 - 10.1.1.2
ACCEPT          loc       loc:$SERVER1  tcp     $LOC_TCP_PORTS1 - 10.1.1.2
ACCEPT          net       loc:$SERVER1  udp     $LOC_UDP_PORTS1 -      all


Also the policy:
fw              net             ACCEPT                    
fw              loc             ACCEPT                    
net             all             DROP            info      
all             all             REJECT          info      

>From the params:LOCAL_OPTIONS=routestopped,multi 
LOCAL_NET=192.168.0.0/16
LOC_TCP_PORTS1=80
SERVER1=192.168.2.4

Here''s the routing table of the firewall (valid ip is substitured by
10.1.1.0):
Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt
Iface 
10.1.1.0        *               255.0.0.0       U        40 0          0
eth0  
192.168.1.0     *               255.255.255.0   U        40 0          0
eth1  
192.168.2.0     *               255.255.255.0   U        40 0          0
eth1  
127.0.0.0       *               255.0.0.0       U        40 0          0 lo

default         10.1.1.1        0.0.0.0         UG       40 0          0
eth0

On the server, I added a route to the LAN interface of the firewall. 
I''m
not if I did was right.  Am still new with networking also. Thanks in
advance.


Regards,
Rene

------_=_NextPart_001_01C1E99B.E241FAC0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html;
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version
5.5.2650.12">
<TITLE>Port Forwarding to another network</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Hi
Everyone,</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Good
day!</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">I really need your
help.&nbsp; I am trying to portforward (say port 80)to another network
attached to our local network.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">I used the
two-interfaced template. It seems that the packets just got lost
somewhere.</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Below is the
diagram of the network.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">+-----------+&nbsp;&nbsp;&nbsp;&nbsp;
+----+&nbsp;&nbsp;&nbsp;&nbsp; +--------------+</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">| ISP''s
Rtr +-----+ FW +-----+ LAN
A&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">+-----------+&nbsp;&nbsp;&nbsp;&nbsp;
+----+&nbsp;&nbsp;&nbsp;&nbsp; |192.168.1.0/24| </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+------+-------+</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+------+------+</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
| Router A&nbsp;&nbsp;&nbsp; |</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
| 192.168.1.1 |</FONT>
<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <FONT
SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;
+------+------+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
| T1 leased
line&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+-------------+</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
| Router B&nbsp;&nbsp;&nbsp; |</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp; | 192.168.2.1 |</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+------+------+</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+------+-------+</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
| LAN B&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|192.168.2.0/24|</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+------+-------+</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+-------------+</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|&nbsp;&nbsp; Server&nbsp;&nbsp;&nbsp; |</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
| 192.168.2.4 |</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+-------------+</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">This one is taken
from the rules (real ips are substituted):</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">ACCEPT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
net&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
loc:$SERVER1&nbsp; tcp&nbsp;&nbsp;&nbsp;&nbsp;
$LOC_TCP_PORTS1 - 10.1.1.2</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">ACCEPT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
loc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
loc:$SERVER1&nbsp; tcp&nbsp;&nbsp;&nbsp;&nbsp;
$LOC_TCP_PORTS1 - 10.1.1.2</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">ACCEPT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
net&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
loc:$SERVER1&nbsp; udp&nbsp;&nbsp;&nbsp;&nbsp;
$LOC_UDP_PORTS1 -&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
all</FONT>
</P>
<BR>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Also the
policy:</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">fw&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
net&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
ACCEPT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">fw&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
loc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
ACCEPT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">net&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
all&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
DROP&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
info&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">all&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
all&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
REJECT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
info&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </FONT>
</P>
<BR>

<P><FONT SIZE=3D2 FACE=3D"Courier New">From the
params:</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">LOCAL_OPTIONS=3Droutestopped,multi </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">LOCAL_NET=3D192.168.0.0/16</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">LOC_TCP_PORTS1=3D80</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">SERVER1=3D192.168.2.4</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Here''s the
routing table of the firewall (valid ip is substitured by
10.1.1.0):</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Kernel IP routing
table&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">Destination&nbsp;&nbsp;&nbsp;&nbsp;
Gateway&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Genmask&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Flags&nbsp;&nbsp; MSS Window&nbsp; irtt Iface </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">10.1.1.0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
255.0.0.0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
U&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 40
0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
0 eth0&nbsp; </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">192.168.1.0&nbsp;&nbsp;&nbsp;&nbsp;
*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
255.255.255.0&nbsp;&nbsp;
U&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 40
0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
0 eth1&nbsp; </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">192.168.2.0&nbsp;&nbsp;&nbsp;&nbsp;
*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
255.255.255.0&nbsp;&nbsp;
U&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 40
0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
0 eth1&nbsp; </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">127.0.0.0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
255.0.0.0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
U&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 40
0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
0 lo&nbsp;&nbsp;&nbsp; </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier
New">default&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
10.1.1.1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
0.0.0.0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
UG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 40
0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
0 eth0</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">On the server, I
added a route to the LAN interface of the firewall.&nbsp; I''m not
if I did was right.&nbsp; Am still new with networking also. Thanks in
advance.</FONT></P>
<BR>

<P><FONT SIZE=3D2 FACE=3D"Courier
New">Regards,</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Rene</FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C1E99B.E241FAC0--

Tom Eastep

2002-Apr-22 02:03 UTC

head link

[Shorewall-users] Port Forwarding to another network

On Mon, 22 Apr 2002, Renato Tirol wrote:
> Hi Everyone,
>
> Good day!
> I really need your help.  I am trying to portforward (say port 80)to
another
> network attached to our local network.
> I used the two-interfaced template. It seems that the packets just got lost
> somewhere.
>
> Below is the diagram of the network.
> +-----------+     +----+     +--------------+
> | ISP''s Rtr +-----+ FW +-----+ LAN A        |
> +-----------+     +----+     |192.168.1.0/24|
>                              +------+-------+
>                                     |
>                                     |
>                              +------+------+
>                              | Router A    |
>                              | 192.168.1.1 |
> 				     +------+------+
>                                     |
>                                     | T1 leased line
>
>                                     |
>                              +-------------+
>                              | Router B    |
>       			     | 192.168.2.1 |
>                              +------+------+
>                                     |
>                                     |
>                              +------+-------+
>                              | LAN B        |
>                              |192.168.2.0/24|
>                              +------+-------+
>                                     |
>                              +-------------+
>                              |   Server    |
>                              | 192.168.2.4 |
>                              +-------------+
>
> This one is taken from the rules (real ips are substituted):
> ACCEPT          net       loc:$SERVER1  tcp     $LOC_TCP_PORTS1 - 10.1.1.2
> ACCEPT          loc       loc:$SERVER1  tcp     $LOC_TCP_PORTS1 - 10.1.1.2
> ACCEPT          net       loc:$SERVER1  udp     $LOC_UDP_PORTS1 -      all
>
>
> Also the policy:
> fw              net             ACCEPT
> fw              loc             ACCEPT
> net             all             DROP            info
> all             all             REJECT          info
>
>
> From the params:
> LOCAL_OPTIONS=routestopped,multi
> LOCAL_NET=192.168.0.0/16
> LOC_TCP_PORTS1=80
> SERVER1=192.168.2.4
>
> Here''s the routing table of the firewall (valid ip is substitured
by
> 10.1.1.0):
> Kernel IP routing table
>
> Destination     Gateway         Genmask         Flags   MSS Window  irtt
> Iface
> 10.1.1.0        *               255.0.0.0       U        40 0          0
> eth0
> 192.168.1.0     *               255.255.255.0   U        40 0          0
> eth1
> 192.168.2.0     *               255.255.255.0   U        40 0          0
> eth1
The above route needs to specify the gateway 192.168.1.1!!!
> 127.0.0.0       *               255.0.0.0       U        40 0          0 lo
>
> default         10.1.1.1        0.0.0.0         UG       40 0          0
> eth0
>
> On the server, I added a route to the LAN interface of the firewall. 
I''m
> not if I did was right.
You did NOT - see above.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

Jerry Vonau

2002-Apr-22 02:07 UTC

head link

[Shorewall-users] Port Forwarding to another network

Rene:

First off, I think your routing needs fixing.

Destination     Gateway         Genmask         Flags   MSS
Window  irtt Iface
192.168.2.0     *               255.255.255.0   U        40
0          0 eth1

should be:
192.168.2.0    192.168.1.1      255.255.255.0   U        40
0          0 eth1

You need to state the ip address of the gateway (router) to
the other lan. 

The remote server needs to have it''s default route set to
the firewall''s internal ip.
It should have a route to the firewall''s lan already, as per
your post.

Can you ping the remote server from the firewall?

Jerry Vonau

Shorewall users - Apr 2002 - Port Forwarding to another network

[Shorewall-users] Port Forwarding to another network

[Shorewall-users] Port Forwarding to another network

[Shorewall-users] Port Forwarding to another network