Hello the list,

I've got two interfaces:
- loc ( 10.0.x.x / 255.255.0.0 )
- dmz ( 10.1.x.x / 255.255.0.1 )

I try to use:
dnat loc dmz:10.1.100.1:10000 tcp 10130 10.0.90.1

It's impossible?

Thanks Tom for this great soft.

Franck
On Wednesday 25 February 2004 08:57 am, Franck BAREL wrote:
> Hello the list,
>
> I've got two interfaces:
> - loc ( 10.0.x.x / 255.255.0.0 )
> - dmz ( 10.1.x.x / 255.255.0.1 )
>
> I try to use:
> dnat loc dmz:10.1.100.1:10000 tcp 10130 10.0.90.1
>
> It's impossible?
>

It's incorrect syntax!

a) What are you trying to do?
b) Why would you need to use DNAT between two RFC1918 networks connected to the same router?

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
From: "Franck BAREL" <fbarel@nasinter.net>
Subject: [Shorewall-users] Dnat

> dnat loc dmz:10.1.100.1:10000 tcp 10130 10.0.90.1

Frank you don't Dnat from "local to dmz". At least I've never seen a reason why one would want to. Simply add this to your Shorewall rules file.

ACCEPT loc dmz tcp 10130
Thanks for your answer.
I can't use this rule because server in dmz uses private addresses ( 10.1.x.x ) so shorewall doesn't relay the request.

Franck

-----Original Message-----
From: Joshua Banks [mailto:syn_ack@comcast.net]
Sent: Wednesday 25 February 2004 18:11
To: shorewall-users@lists.shorewall.net
Subject: Re: [Shorewall-users] Dnat

> From: "Franck BAREL" <fbarel@nasinter.net>
> Subject: [Shorewall-users] Dnat
>
> > dnat loc dmz:10.1.100.1:10000 tcp 10130 10.0.90.1
>
> Frank you don't Dnat from "local to dmz". At least I've never seen a reason why one would want to. Simply add this to your Shorewall rules file.
>
> ACCEPT loc dmz tcp 10130
----- Original Message -----
> From: "Franck BAREL" <fbarel@nasinter.net>
> Thanks for your answer.
> I can't use this rule because server in dmz uses private addresses ( 10.1.x.x ) so shorewall doesn't relay the request.

Ok. Any more info you can provide will help you, help us, help you. Otherwise your problem is a mystery and people are only left to guesses. Are you using proxy arp, etc... etc..

pulling healthy teeth again...

Joshua Banks
On Thursday 26 February 2004 12:44 am, Franck BAREL wrote:
> Thanks for your answer.
> I can't use this rule because server in dmz uses private addresses ( 10.1.x.x
> ) so shorewall doesn't relay the request. Franck

That is absolute nonsense!

-Tom