Hello! I'm trying to get port forwarding to work but I believe there's something wrong with my setup (it doesn't work ;)). I'm running Shorewall 1.4.6c and have three NICs installed: one (eth1) for the local network and two with different external IPs. The external zones are called bbb1 and bbb2 and the local one is loc.

This is the rule I'm trying to get working:

DNAT bbb2 loc:192.168.0.3 tcp 80

I'm trying to get http://xxx.xxx.xxx.xxx/ through to the local server. Using 'shorewall show nat' I can see that the rule gets triggered (in the pkts field, as described in the FAQ) but then it just hangs. Therefore I believe I have something wrong with this: "You have a more basic problem with your local system such as an incorrect default gateway configured (it should be set to the IP address of your firewall's internal interface)."

This is the output from 'ip addr show':

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:50:fc:a0:4f:54 brd ff:ff:ff:ff:ff:ff
    inet 213.114.53.51/26 brd 213.114.53.63 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:48:54:55:85:4e brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.10/24 brd 192.168.0.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:50:fc:a0:59:5f brd ff:ff:ff:ff:ff:ff
    inet 213.114.53.46/26 brd 213.114.53.63 scope global eth2

'ip route show':

213.114.53.0/26 dev eth0 proto kernel scope link src 213.114.53.51
213.114.53.0/26 dev eth2 proto kernel scope link src 213.114.53.46
192.168.0.0/24 dev eth1 scope link
169.254.0.0/16 dev eth2 scope link
127.0.0.0/8 dev lo scope link
default via 213.114.53.1 dev eth0

Am I missing something? The internal network works fine from what I've understood. I have another gateway, 192.168.0.1; I have tried to use that as a gateway but that was also unsuccessful.

Cheers,
Örjan
--
[x] icq - 496723
[x] url - fobie.net
On Sun, 2003-09-28 at 05:35, Örjan Persson wrote:
>
> Am I missing something? The internal network works fine from what
> I've understood. I have another gateway, 192.168.0.1, I have tried
> to use that as a gateway but that was also unsuccessful.

I suspect that you are trying to connect via eth2 but your default route is through eth0.

See section 4.2.1 in the LARTC (link available from the Shorewall "Useful Links" page).

As an aside, why do you have separate zones for eth0 and eth2???? Do you have different firewalling requirements for the two net zones?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
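Tom's diagnosis can be checked mechanically from the 'ip route show' output in the original post: replies to a connection that arrived on eth2 are routed by the main table, which has only one default route, so they leave on eth0 with eth2's address as source. The script below (an added example, not part of this thread or of Shorewall) parses that output, does a longest-prefix lookup for a remote client, reports which uplinks would answer on the wrong interface, and emits the LARTC section 4.2.1 style fix: one routing table per uplink selected by source address. Because conntrack reverses the DNAT on the reply before the routing decision, the reply from 192.168.0.3 already carries source 213.114.53.46 when the 'from' rule is evaluated. The gateway for eth2 and the table numbers are assumptions; the post does not give them.

```python
"""Detect asymmetric replies on a multi-uplink firewall and generate the
per-uplink policy-routing commands (LARTC 4.2.1 style) that fix them."""
import ipaddress

# Constructed from the 'ip route show' output in the original post.
IP_ROUTE_SHOW = """\
213.114.53.0/26 dev eth0 proto kernel scope link src 213.114.53.51
213.114.53.0/26 dev eth2 proto kernel scope link src 213.114.53.46
192.168.0.0/24 dev eth1 scope link
169.254.0.0/16 dev eth2 scope link
127.0.0.0/8 dev lo scope link
default via 213.114.53.1 dev eth0
"""

# iface -> (local address, gateway, routing table id).
# eth0's gateway is from the post; eth2's gateway and both table ids are
# assumptions (placeholders) that must be replaced with the real values.
UPLINKS = {
    "eth0": ("213.114.53.51", "213.114.53.1", 1),
    "eth2": ("213.114.53.46", "213.114.53.1", 2),  # gateway: assumption
}


def parse_routes(text):
    """Parse 'ip route show' lines into (network, device, gateway-or-None)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        prefix = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        net = ipaddress.ip_network(prefix)
        dev = parts[parts.index("dev") + 1]
        via = parts[parts.index("via") + 1] if "via" in parts else None
        routes.append((net, dev, via))
    return routes


def egress_interface(routes, dst):
    """Longest-prefix match; on equal prefix length the first listed route
    wins, matching how the main table lists the two /26 routes here."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, dev, via in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, via)
    return best[1] if best else None


def reply_mismatches(routes, uplinks, client):
    """Return {arrival_iface: reply_iface} for every uplink whose replies to
    `client` would leave on a different interface than the request used."""
    result = {}
    for iface in uplinks:
        out = egress_interface(routes, client)
        if out != iface:
            result[iface] = out
    return result


def policy_routing_commands(uplinks):
    """Emit one default route per uplink in its own table, plus a source-
    address rule that selects the table (LARTC 4.2.1). Replies to DNAT'd
    traffic carry the uplink's address as source after conntrack reverses
    the translation, so the 'from' rule picks the right uplink."""
    cmds = []
    for iface, (addr, gw, table) in uplinks.items():
        cmds.append(f"ip route add default via {gw} dev {iface} table {table}")
        cmds.append(f"ip rule add from {addr} table {table}")
    cmds.append("ip route flush cache")  # needed on 2.4-era kernels after rule changes
    return cmds


if __name__ == "__main__":
    routes = parse_routes(IP_ROUTE_SHOW)
    client = "198.51.100.7"  # constructed remote client address (documentation range)
    for arrived, left in reply_mismatches(routes, UPLINKS, client).items():
        print(f"request on {arrived}, reply would leave on {left}")
    print("\n".join(policy_routing_commands(UPLINKS)))
```

Run against the post's routing table, the check reports that a request arriving on eth2 is answered via eth0, which is exactly the hang the original poster sees: the packet counter in 'shorewall show nat' increments, but the reply never goes back the way it came.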
On Sun, 2003-09-28 at 07:48, Tom Eastep wrote:
> On Sun, 2003-09-28 at 05:35, Örjan Persson wrote:
> >
> > Am I missing something? The internal network works fine from what
> > I've understood. I have another gateway, 192.168.0.1, I have tried
> > to use that as a gateway but that was also unsuccessful.
>
> I suspect that you are trying to connect via eth2 but your default route
> is through eth0.
>
> See section 4.2.1 in the LARTC (link available from the Shorewall
> "Useful Links" page).
>
> As an aside, why do you have separate zones for eth0 and eth2???? Do you
> have different firewalling requirements for the two net zones?
>

Also, what is the point of having two different interfaces to the same subnet? Does your ISP support aggregation over the two separate links?

-tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
Tom Eastep (teastep@shorewall.net) wrote:
> On Sun, 2003-09-28 at 07:48, Tom Eastep wrote:
> > On Sun, 2003-09-28 at 05:35, Örjan Persson wrote:
> > >
> > > Am I missing something? The internal network works fine from what
> > > I've understood. I have another gateway, 192.168.0.1, I have tried
> > > to use that as a gateway but that was also unsuccessful.
> >
> > I suspect that you are trying to connect via eth2 but your default route
> > is through eth0.
> >
> > See section 4.2.1 in the LARTC (link available from the Shorewall
> > "Useful Links" page).
> >
> > As an aside, why do you have separate zones for eth0 and eth2???? Do you
> > have different firewalling requirements for the two net zones?
> >
>
> Also, what is the point of having two different interfaces to the same
> subnet? Does your ISP support aggregation over the two separate links?
>

Hello,

Thanks for your answer, Tom! That was some really interesting reading, but I haven't really gotten it to work as I want to. But I'm still trying. ;)

Yes, I have different firewall requirements for the two net zones, and both interfaces are DHCP-managed. So I thought that would be the best thing to do. But, from your answer, I guess that wasn't correct. :P I guess I need to read some more about using Shorewall with multiple zones on the same interface.

Thanks for a great piece of software.

Cheers,
Örjan
--
[x] icq - 496723
[x] url - fobie.net