thr3ads.net - Shorewall users - [Shorewall-users] Problem with static external IP''s [Mar 2003]

If this information is useful, please help other people find it:
Share via:

P H

2003-Mar-11 09:40 UTC

[Shorewall-users] Problem with static external IP''s

Hello,

I am using a two interface setup.
eth0 = 192.168.1.1 =>213.94.193.89 <- IP on modem
eth1 = 10.10.1.3 <- connected to hub

interfaces
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     ppp0            -               routefilter
loc     eth1            10.10.1.255     dhcp,routestopped

nat
#EXTERNAL       INTERFACE       INTERNAL        ALL INTERFACES          
LOCAL
213.94.193.90   ppp0            10.10.1.1       No                    No
213.94.193.91   ppp0            10.10.1.2       No                    No
213.94.193.92   ppp0            10.10.1.4       No                    No
213.94.193.93   ppp0            10.10.1.5       No                    No
213.94.193.94   ppp0            10.11.1.1       No                    No

masq
#INTERFACE              SUBNET          ADDRESS
ppp0                    eth1

All the pc''s are able to connect to the internet on the static ips
assigned
to them, but they can not be ping from the outside of access e.g ftp.
DNAT           net     loc:10.11.1.1:21   tcp     2122 - 213.94.193.94

But if some one ftps to 213.94.193.89:2122 they get access to 10.11.1.1

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* 
http://join.msn.com/?page=features/virus

Tom Eastep

2003-Mar-11 09:49 UTC

head link

[Shorewall-users] Problem with static external IP''s

--On Tuesday, March 11, 2003 05:39:32 PM +0000 P H <paddy667@hotmail.com> 
wrote:
>
>
> Hello,
>
> I am using a two interface setup.
> eth0 = 192.168.1.1 =>213.94.193.89 <- IP on modem
> eth1 = 10.10.1.3 <- connected to hub
>
> interfaces
># ZONE   INTERFACE       BROADCAST       OPTIONS
> net     ppp0            -               routefilter
> loc     eth1            10.10.1.255     dhcp,routestopped
>
> nat
># EXTERNAL       INTERFACE       INTERNAL        ALL INTERFACES
># LOCAL
> 213.94.193.90   ppp0            10.10.1.1       No                    No
> 213.94.193.91   ppp0            10.10.1.2       No                    No
> 213.94.193.92   ppp0            10.10.1.4       No                    No
> 213.94.193.93   ppp0            10.10.1.5       No                    No
> 213.94.193.94   ppp0            10.11.1.1       No                    No
>
> masq
># INTERFACE              SUBNET          ADDRESS
> ppp0                    eth1
Why are you both MASQing and using static nat? Do you have more internal 
systems than just the ones listed in the nat table?
>
> All the pc''s are able to connect to the internet on the static ips
> assigned to them, but they can not be ping from the outside
Please read http://www.shorewall.net/ping.html!!!!!!!!

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net

Shorewall users - Mar 2003 - Problem with static external IP''s

[Shorewall-users] Problem with static external IP''s

[Shorewall-users] Problem with static external IP''s