--On Tuesday, February 04, 2003 8:38 PM +0100 Henrik Flindt Hansen
<hfh@linuxplanet.dk> wrote:
> Hi !
>
> I have setup a complete shorewall now with DMZ, and Private zones and
> masq, rules, port-forwarding etc. worx like expected.
> BUT
>
> I have a wish to use a couple of more public IP's and relate those to
> internal servers on the DMZ zone and I am now so confused about it. I have
> searched this archive for SNAT port allow
> Setup:
>
> 3 public addresses on the WAN nic. Let's call them 80.80.80.80 - 80.80.80.81
> - 80.80.80.82
> .80 is the default address now, used for masq etc.
>
> Let's assume I set up SNAT on .81 and .82 and relate them to 192.168.0.81 and
> 192.168.0.82 respectively in the DMZ zone
> Now to my questions:
>
> 1: Will all traffic get forwarded (SNAT'ed) without restrictions from .81
> and .82 towards 192.168.0.81 and 192.168.0.82 ?
> 2: If not (I hope not :) how does a proper rule for allowing tcp port 80
> to be forwarded (SNAT'ed) from the 80.80.80.81 SNAT to the DMZ ditto
> 192.168.0.81
> I really hope someone can show me the logic in this exact matter :)
>
You want DNAT not SNAT!!! This is simple port forwarding which is FAQ #1
(http://www.shorewall.net/FAQ.htm#faq1).
Alternatively, you can use static NAT or Proxy ARP. These are introduced in
http://www.shorewall.net/shorewall_setup_guide.htm -- given your confusion
about SNAT/DNAT, I suggest that you read that guide in its entirety.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
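
The two approaches named in the reply, applied to the addresses from the question, as an added example that is not part of the original thread and not taken from the Shorewall documentation. The zone names `net` and `dmz` and the interface name `eth0` are assumptions; substitute the names from your own zones and interfaces files.

```conf
# ---- Option A: DNAT (port forwarding), file /etc/shorewall/rules ----
# The ORIGINAL DEST column limits each rule to one public address, so only
# tcp/80 arriving for that address is rewritten and accepted. Anything else
# sent to .81 or .82 is treated as traffic to the firewall itself and is
# handled by the existing net->fw rules and policy.
#ACTION  SOURCE  DEST              PROTO  DEST PORT(S)  SOURCE PORT(S)  ORIGINAL DEST
DNAT     net     dmz:192.168.0.81  tcp    80            -               80.80.80.81
# Same pattern for the second server (port 80 assumed here for illustration)
DNAT     net     dmz:192.168.0.82  tcp    80            -               80.80.80.82

# ---- Option B: static NAT, file /etc/shorewall/nat ----
# Maps the whole address one to one. This only sets up the translation:
# nothing reaches the DMZ host until a rule or policy allows it.
#EXTERNAL     INTERFACE  INTERNAL      ALL INTERFACES  LOCAL
80.80.80.81   eth0       192.168.0.81  no              no

# With static NAT the matching entry in /etc/shorewall/rules is a plain
# ACCEPT that names the internal address:
#ACTION  SOURCE  DEST              PROTO  DEST PORT(S)
ACCEPT   net     dmz:192.168.0.81  tcp    80
```

Use one option per public address, not both. In either case the answer to question 1 is that only the ports explicitly allowed in the rules file are passed.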