Tom Eastep
2002-Oct-22 19:23 UTC
[Shorewall-users] Re: Mandrake 9, Shorewall and port forwarding.
Ralph Freibeuter wrote:
> Hi all.
> I am new to this list and I have a big problem with Mandrake 9 and the
> integrated Shorewall firewall. I think it has to do with it.
>
> The configuration in here looks like this:
>
> I have a Linux Box (Mandrake 9) with two NICs and two other PCs (Macs)
> that are all connected to a 16port HUB. Also the Linux.
> The DSL Modem is connected to the uplink port of the HUB.
>
> The Linux Box routes the internal PCs to the internet and this works fine.
> It's all the standard installation of Mandrake 9.
>
> The Linux NICs are internal configured to:
> eth0: 10.0.0.1 / and I think it's used to connect and be also ppp0 for DSL
> eth1: 192.168.1.1 / connects to the LAN site.
>
> My Problem. I want the Linux Box to forward requests from internal and
> external users that go to port 80 to my internal machine with fix IP
> 192.168.1.10. At the moment the Linux http server answers port 80
> requests.
>
> What I tried until now:
>
> Into /etc/shorewall/rules I tested: DNAT net loc:192.168.1.10 tcp http
> (did not work - I always rebooted after configuring something)
>
> Then I tried the following (tip from a mandrake newsgroup on internet):
> iptables -t nat -I PREROUTING -p tcp -i ppp0 --dport 80 -j DNAT --to 192.168.1.10:80
> (did not work - it now blocks all requests to port 80 from internal and
> external)
>
> I also changed the interfaces file from shorewall to:
> net ppp0 detect
> masq eth0 detect
> loc eth1 detect

I don't know why Mandrake has two local zones (masq and loc) but it
confuses the hell out of every newbie who tries to use Shorewall under
Mandrake.

>
> It was before (masq eth1 and loc eth0) but because eth0 is 10.0.0.1 I
> changed it the way above. I hope this was correct. Anyway, both configs
> (the original and my changed) do not work. I have no access. None from
> outside and none from inside the LAN.
> <snipped all details> -- in the future, rather than posting all of this "iptables -L" output, please just post the output from "shorewall status". It is much more useful (I won't even look at plain "iptables -L" output).

What I suggest that you do is:

a) download the latest Shorewall rpm from my site.
b) download the latest two-interface sample configuration from my site.
c) shorewall clear
d) cd /etc
e) mv shorewall shorewall.old
f) cd
g) rpm -e --nodeps shorewall
h) rpm -ivh <the latest Shorewall RPM that you loaded above>
i) tar -zxf <the latest two-interface sample that you downloaded above>
j) copy the files from the 'two-interfaces' directory into /etc/shorewall
   replacing the files that are there.
k) Now follow carefully the rest of the instructions at
   http://www.shorewall.net/two-interface.htm.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net