I'm new to the list so I plead ignorance if this has already been hammered out in prior posts. I just upgraded my shorewall to v1.4.3a running on a SuSE 7.3 box w/ two nics:

eth0 net
eth1 loc

I have a program running on all local workstations that talk to one another on port 1814 tcp. This program also initiates packets to the outside world w/ others on the same port. I've successfully been allowing people to dnat inbound to my wkst via /etc/shorewall/rules:

DNAT net loc:192.168.0.210 1814

Works perfect. BTW, from the internet, they connect to our static IP or dyndns name.

What I wish is for everyone on the inside to be able to connect to our server in the same manner so as to have a common return path. I.e. everyone connects to the server via its external IP (which is static) at port such and such: 24.xxx.xxx.100:1814, and this should DNAT over to 192.168.0.210 as the above rule would imply. The xxx's are to protect the innocent.

To accomplish this, I have followed the FAQ on the shorewall site: http://www.shorewall.net/FAQ.htm#faq2 This example is virtually the same as what I'm trying to do yet I cannot seem to get it to work. The connect is never established to the internal wkst.

Could someone give me an example setup in the following areas as needed:
/etc/shorewall/rules
/etc/shorewall/policy
/etc/shorewall/interfaces

--
-----------------------
-Thanks, Dan
-Haight & Associates, Inc.
-907.586.9788
-----------------------
On Thu, 22 May 2003, Dan Phillips wrote:
> Could someone give me an example setup in the following areas as needed:
> /etc/shorewall/rules
> /etc/shorewall/policy
> /etc/shorewall/interfaces

I've got a better idea -- why don't you show us what you have and we can offer advice.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
On Thu, 22 May 2003 15:38:28 -0800, Dan Phillips <dan@haight-assoc.com> wrote:
> /etc/shorewall/rules
> DNAT:info net loc:192.168.0.210 tcp 1814
>
> (next line is all one line in the file)
> DNAT:info loc loc:192.168.0.210 tcp 1814 1814 24.xxx.xxx.67:192.168.0.100

Try replacing the second 1814 with -

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
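To see why the second 1814 matters, here is an added illustration (editor's example, not code from the thread and not Shorewall's own rule compiler) that splits a Shorewall 1.4-style DNAT rule line into its columns and prints the iptables nat-table commands it roughly stands for. It assumes the 1.4 rules-file column order ACTION SOURCE DEST PROTO DEST PORT(S) CLIENT PORT(S) ORIGINAL DEST, the zone-to-interface mapping from the first post (net=eth0, loc=eth1), and a hypothetical reading of an ORIGINAL DEST written as "addr:snat-addr" as "also SNAT the connection to snat-addr so the server replies through the firewall"; confirm all three against the documentation for your version. The sample lines are constructed from the thread, with the documentation address 203.0.113.67 standing in for the poster's masked 24.xxx.xxx.67.

```python
"""Rough translation of Shorewall 1.4-style DNAT rule lines into the
iptables nat-table commands they stand for.  Added illustration for this
thread, not Shorewall's own compiler.

Assumptions (not from the original posts):
  * 1.4 rules-file column order:
      ACTION SOURCE DEST PROTO DEST PORT(S) CLIENT PORT(S) ORIGINAL DEST
  * an ORIGINAL DEST written as "addr:snat-addr" also SNATs the connection
    to snat-addr so the server's replies come back through the firewall
    (hypothetical reading of that column; check your version's docs)
  * zone-to-interface mapping taken from the thread: net=eth0, loc=eth1
"""

ZONE_IFACE = {"net": "eth0", "loc": "eth1"}  # from the thread


def parse_rule(line):
    """Split one rules-file line into its named columns ('-' = unset)."""
    cols = line.split()
    cols += ["-"] * (7 - len(cols))            # trailing columns are optional
    action, source, dest, proto, dport, sport, odest = cols[:7]
    act, _, loglevel = action.partition(":")   # "DNAT:info" -> log at info
    if act != "DNAT":
        raise ValueError("only DNAT rules are handled here: %r" % line)
    szone, _, saddr = source.partition(":")
    dparts = dest.split(":")                   # zone:server[:server-port]
    if len(dparts) < 2:
        raise ValueError("DNAT needs zone:address in DEST: %r" % line)
    oparts = odest.split(":") if odest != "-" else []
    return {
        "loglevel": loglevel or None,
        "szone": szone, "saddr": saddr or None,
        "dzone": dparts[0], "server": dparts[1],
        "server_port": dparts[2] if len(dparts) > 2 else None,
        "proto": proto,
        "dport": None if dport == "-" else dport,   # port the client connects to
        "sport": None if sport == "-" else sport,   # the client's SOURCE port
        "orig_dest": oparts[0] if oparts and oparts[0] else None,
        "snat_to": oparts[1] if len(oparts) > 1 else None,
    }


def to_iptables(rule):
    """Return the iptables commands the parsed rule amounts to."""
    match = ["-i", ZONE_IFACE[rule["szone"]], "-p", rule["proto"]]
    if rule["saddr"]:
        match += ["-s", rule["saddr"]]
    if rule["orig_dest"]:
        match += ["-d", rule["orig_dest"]]
    if rule["dport"]:
        match += ["--dport", rule["dport"]]
    if rule["sport"]:
        # CLIENT PORT(S) restricts the client's *source* port.  Clients pick
        # ephemeral source ports, so "1814" here means the rule practically
        # never matches; the thread's fix is to put "-" in this column.
        match += ["--sport", rule["sport"]]
    target = rule["server"]
    if rule["server_port"]:
        target += ":" + rule["server_port"]
    cmds = []
    if rule["loglevel"]:
        cmds.append("iptables -t nat -A PREROUTING %s -j LOG --log-level %s"
                    % (" ".join(match), rule["loglevel"]))
    cmds.append("iptables -t nat -A PREROUTING %s -j DNAT --to-destination %s"
                % (" ".join(match), target))
    if rule["snat_to"]:
        # Hairpin (loc -> loc) case: rewrite the source as well so the
        # server answers via the firewall instead of directly to the client.
        cmds.append("iptables -t nat -A POSTROUTING -o %s -p %s -d %s -j SNAT"
                    " --to-source %s" % (ZONE_IFACE[rule["dzone"]],
                                         rule["proto"], rule["server"],
                                         rule["snat_to"]))
    return cmds


def translate(line):
    return to_iptables(parse_rule(line))


# Constructed sample lines modelled on the thread; 203.0.113.67 stands in
# for the poster's masked 24.xxx.xxx.67.
POSTED = "DNAT:info loc loc:192.168.0.210 tcp 1814 1814 203.0.113.67:192.168.0.100"
FIXED = "DNAT:info loc loc:192.168.0.210 tcp 1814 -    203.0.113.67:192.168.0.100"

if __name__ == "__main__":
    for label, line in (("as posted", POSTED), ("with '-' in CLIENT PORT(S)", FIXED)):
        print("# " + label)
        for cmd in translate(line):
            print(cmd)
```

Running it shows the posted line turning into a PREROUTING rule with both `--dport 1814` and `--sport 1814`; only the second line, with `-` in the CLIENT PORT(S) column, produces the `--dport 1814` match alone plus the POSTROUTING SNAT that gives the hairpin connection a return path through the firewall.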
On Thu, 22 May 2003 16:04:20 -0800, Dan Phillips <dan@haight-assoc.com> wrote:
> Didn't seem to change anything. I also just stumbled across the new
> hosts routeback option and added this to no avail:
> /etc/shorewall/hosts
>
> #ZONE HOST(S) OPTIONS
> loc eth1:192.168.0.210 routeback

That was wrong and would have no effect. Please follow the instructions at http://www.shorewall.net/support.htm under the red underlined text reading "If you are having connection problems of any kind:"

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net