I read through the documentation, but how to do the following wasn't obvious to me, or I missed the section that explained it.

I want to forward HTTP requests coming from the public internet to the firewall on port 80 to another machine on the public Internet. Of course the replies have to get routed back through the firewall to make it work.

I know how to do this using IPTables, but was wondering how to get Shorewall to do this.

Thanks.

Jim

James H. Thompson
jht@lava.net
Hi,

I have configured my kernel like the example on www.shorewall.de/kernel.html, and I have installed shorewall 1.4.8, but when it's launched it gives me this error:

Loading Modules...
/lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_nat_ftp.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters.
You may find more information in syslog or the output from dmesg
/lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_nat_irc.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters.

Can somebody help me?
Hello:

From ORIGINAL DEST on the Documentation link on the website:

The IP address(es) may be optionally followed by ":" and a second IP address. This latter address, if present, is used as the source address for packets forwarded to the server (This is called "Source NAT" or SNAT).

From the rules file:

# ORIGINAL DEST
<snip>
# The address (list) may optionally be followed by
# a colon (":") and a second IP address. This causes
# Shorewall to use the second IP address as the source
# address in forwarded packets. See the Shorewall
# documentation for restrictions concerning this feature.
# If no source IP address is given, the original source
# address is not altered.

REDIRECT net net:other_box_ip tcp www - your_pub_ip:your_pub_ip

in the rules file "should" do that for you, sorry this is untested for me...

Jerry Vonau

----- Original Message -----
From: "James H. Thompson" <jht@lj.net>
To: <shorewall-users@lists.shorewall.net>
Sent: Wednesday, November 26, 2003 04:53
Subject: [Shorewall-users] Port forwarding question

> I read through the documentation, but how to do the following wasn't obvious to me, or I missed the section that explained it.
>
> I want to forward HTTP requests coming from the public internet to the firewall on port 80 to another machine on the public Internet. Of course the replies have to get routed back through the firewall to make it work.
>
> I know how to do this using IPTables, but was wondering how to get Shorewall to do this.
>
> Thanks.
>
> Jim
>
> James H. Thompson
> jht@lava.net
On Wed, 2003-11-26 at 05:48, Jerry Vonau wrote:
>
> From the rules file:
> # ORIGINAL DEST
> <snip>
> # The address (list) may optionally be followed by
> # a colon (":") and a second IP address. This causes
> # Shorewall to use the second IP address as the source
> # address in forwarded packets. See the Shorewall
> # documentation for restrictions concerning this feature.
> # If no source IP address is given, the original source
> # address is not altered.
>
>
> REDIRECT net net:other_box_ip tcp www -
> your_pub_ip:your_pub_ip
>
> in the rules file "should" do that for you, sorry this is untested for
> me...
>

You need to use DNAT rather than REDIRECT and the 'routeback' option will need to be set on the external interface.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
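
The forward discussed in this thread, sketched at the netfilter level as an added example (it is not from any poster and is not the ruleset Shorewall generates): destination NAT to the other machine, source NAT so replies return through the firewall, and acceptance of traffic that enters and leaves on the same interface, which is the case 'routeback' exists for. The interface name eth0, the addresses and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added illustration. eth0 and the RFC 5737 addresses are constructed
# placeholders. The iptables commands are printed only, never applied.

valid_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into positional parameters
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# hairpin_rules IFACE FIREWALL_PUBLIC_IP SERVER_IP PORT
hairpin_rules() {
    iface=$1 pub=$2 srv=$3 port=$4
    case $iface in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    valid_ipv4 "$pub" && valid_ipv4 "$srv" && valid_port "$port" || return 1
    # A server address equal to the firewall's own is not a forward.
    [ "$pub" != "$srv" ] || return 1

    # 1. DNAT: requests addressed to the firewall go to the other machine.
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp -d $pub --dport $port -j DNAT --to-destination $srv"
    # 2. SNAT: the server sees the firewall as the client, so its replies
    #    return through the firewall. Its logs lose the real client address.
    echo "iptables -t nat -A POSTROUTING -o $iface -p tcp -d $srv --dport $port -j SNAT --to-source $pub"
    # 3. Same interface in and out: the filter table must allow it.
    echo "iptables -A FORWARD -i $iface -o $iface -p tcp -d $srv --dport $port -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -i $iface -o $iface -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample: firewall 203.0.113.1 forwarding port 80 to 192.0.2.80.
hairpin_rules eth0 203.0.113.1 192.0.2.80 80
```

Because step 2 rewrites the source address, any per-client access control or logging has to happen on the firewall rather than on the destination server.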