Dear Tom,
Thank you very much for all your help. I started digging in your program
and found a workaround. It works for me very well. What I did is I created
my backup SNAT in masq file and regular in nat file.
eth0 192.168.1.44 65.213.35.200
This way shorewall creates two SNAT for me and only one (primary) DNAT.
P.S. I don't know enough about iptables, but I am very determined.
Val
>From: Tom Eastep <teastep@shorewall.net>
>To: Val Vechnyak <vechnyak@hotmail.com>
>CC: "shorewall-users@shorewall.net" <shorewall-users@shorewall.net>
>Subject: Re: [Shorewall-users] Cannot delete a rule
>Date: Wed, 8 May 2002 11:45:45 -0700 (PDT)
>
>On Wed, 8 May 2002, Val Vechnyak wrote:
>
> > You are right. Considering shorewall first looks at the rules file, I do
> > have my internal system open. I guess I am back to static NAT again. But
> > then if I use the nat file I cannot have single DNAT with multiple SNAT.
> > Otherwise, in my required configuration, I don't know how to forward packets
> > from external to local network AND to filter them at the same time. I guess
> > no one flips rules on the fly to repoint to a different server. This seems
> > like a simple failover solution. No?
> >
>
>I gave you a simple failover solution in a previous post (alternate
>Shorewall configuration). You apparently don't like that solution so you
>can either learn enough about iptables to do what you want using Shorewall
>or you can try to find another firewall that supports this feature in some
>other way. I am not going to code up the failover script for you because
>then if I change the way Shorewall does port forwarding, NAT, or whatever
>in a future release then your script will break and you will want ME to
>fix it.
>
>-Tom
>--
>Tom Eastep \ Shorewall - iptables made easy
>AIM: tmeastep \ http://www.shorewall.net
>ICQ: #60745924 \ teastep@shorewall.net