Örjan Johansson
2002-Mar-17 13:27 UTC
[Shorewall-users] NATed addresses, DMZ and DNS-replys
Hi all!

A server in the DMZ has an address in the 192.168.2.0/24 range - 192.168.2.15 specifically, but a public IP on the outside if through static NAT. The name server is on the outside, resolving the host to the public address - let's call that 212.50.50.1. Requests from the outside work just fine, but hosts on the inside (192.168.1.0/24) can't access the server. Would this rule be the one I want to use?

ACCEPT local dmz:192.168.2.15 tcp www - 212.50.50.1

Would this forward the internal requests to the public IP to the private address in the DMZ? Reading the documentation leads me to believe this, but a client tells me it doesn't work. Any input welcome.

TIA,
Orjan

----- Original Message -----
From: "Örjan Johansson" <orjan@whyevenbother.com>
To: <shorewall-users@shorewall.net>
Sent: Sunday, March 17, 2002 5:27 AM
Subject: [Shorewall-users] NATed addresses, DMZ and DNS-replys

Hi all!

A server in the DMZ has an address in the 192.168.2.0/24 range - 192.168.2.15 specifically, but a public IP on the outside if through static NAT. The name server is on the outside, resolving the host to the public address - let's call that 212.50.50.1. Requests from the outside work just fine, but hosts on the inside (192.168.1.0/24) can't access the server. Would this rule be the one I want to use?

ACCEPT local dmz:192.168.2.15 tcp www - 212.50.50.1

Would this forward the internal requests to the public IP to the private address in the DMZ? Reading the documentation leads me to believe this, but a client tells me it doesn't work. Any input welcome.

Yes -- that will work. In fact, if you look at my old configuration (http://www.shorewall.net/myfiles.htm#Old), I believe that I used to do that myself.

-Tom