Hi all.
This is my first post at this list.

I've installed SHOREWALL and it works well for me. Thxs.

I have one problem.
I have two HTTP servers (both work with 80 port). My actual rule:
DNAT net dmz:192.168.0.2 tcp 80
works well for one server.

At eth0 I have 3 public IPs and I want to make something like this:
all requests to public IP one to port 80 (151.36.32.132) nat to dmz IP 192.168.0.2 and
requests to port 80 to second public IP (151.36.32.134) nat to dmz IP 192.168.0.4

Can someone help me?

alberto

Devel wrote:
> Hi all.
> This is my first post at this list.
>
> I've installed SHOREWALL and it works well for me. Thxs.
>
> I have one problem.
> I have two HTTP servers (both work with 80 port). My actual rule:
> DNAT net dmz:192.168.0.2 tcp 80
> works well for one server.
>
> At eth0 I have 3 public IPs and I want to make something like this:
> all requests to public IP one to port 80 (151.36.32.132) nat to dmz IP
> 192.168.0.2 and
> requests to port 80 to second public IP (151.36.32.134) nat to dmz IP
> 192.168.0.4

The answer to this question can be found at:

a) The Shorewall FAQ -- FAQ #1 (If you want to forward requests directed to a particular address....).

b) The Aliased interface documentation (http://shorewall.net/Shorewall_and_Aliased_Interfaces.html) in the DNAT section.

c) The examples in your own rules file (All http requests from the internet to address 130.252.100.69 are to be forwarded to 192.168.1.3).

Be that as it may, the two rules you need are:

DNAT net dmz:192.168.0.2 tcp 80 - 151.36.32.132
DNAT net dmz:192.168.0.4 tcp 80 - 151.36.32.134

You must of course have the public IP addresses configured on your external interface (see reference b above) or they must be routed to your firewall by the upstream router.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net

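Added example, not part of the thread and not Shorewall code: a small Python lint showing why a second DNAT rule for port 80 needs an ORIGINAL DEST address, and checking the caveat about addresses reaching the firewall. It assumes rules are tried top to bottom with the first match winning; the names parse_dnat, lint, NAIVE, FIXED and REACHABLE are hypothetical.

```python
# Added example: lint Shorewall-style DNAT rules for shadowing.
# Columns as used in this thread:
#   ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT ORIGINAL-DEST
# Simplification: ports and ORIGINAL DEST are compared as plain strings
# (no lists or ranges).

def parse_dnat(lines):
    """Return the DNAT rules found in rules-file lines, in file order."""
    rules = []
    for number, raw in enumerate(lines, 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] != "DNAT":
            continue
        fields += ["-"] * (7 - len(fields))  # omitted trailing columns
        _, source, dest, proto, dport, _sport, orig = fields[:7]
        rules.append({"line": number, "source": source, "dest": dest,
                      "proto": proto, "dport": dport,
                      "orig": None if orig == "-" else orig})
    return rules

def lint(rules, reachable_ips):
    """Flag rules that can never match or that name an unreachable address."""
    findings, seen = [], {}
    for rule in rules:
        key = (rule["source"], rule["proto"], rule["dport"])
        for prev in seen.get(key, []):
            if prev["orig"] is None:
                findings.append("line %d: shadowed by line %d, which matches "
                                "every destination address"
                                % (rule["line"], prev["line"]))
            elif prev["orig"] == rule["orig"]:
                findings.append("line %d: same ORIGINAL DEST as line %d"
                                % (rule["line"], prev["line"]))
        if rule["orig"] is not None and rule["orig"] not in reachable_ips:
            findings.append("line %d: %s is neither configured on nor routed "
                            "to the firewall" % (rule["line"], rule["orig"]))
        seen.setdefault(key, []).append(rule)
    return findings

# Constructed input: the second NAIVE line is a hypothetical first attempt.
NAIVE = ["DNAT net dmz:192.168.0.2 tcp 80",
         "DNAT net dmz:192.168.0.4 tcp 80"]
# The two rules given in the reply above.
FIXED = ["DNAT net dmz:192.168.0.2 tcp 80 - 151.36.32.132",
         "DNAT net dmz:192.168.0.4 tcp 80 - 151.36.32.134"]
REACHABLE = {"151.36.32.132", "151.36.32.134"}

if __name__ == "__main__":
    for name, rules in (("NAIVE", NAIVE), ("FIXED", FIXED)):
        print(name, lint(parse_dnat(rules), REACHABLE) or "ok")
```
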
Thxs a lot. This works fine...

Alberto

At 16.23 13/06/2004, you wrote:
> Devel wrote:
>> Hi all.
>> This is my first post at this list.
>> I've installed SHOREWALL and it works well for me. Thxs.
>> I have one problem.
>> I have two HTTP servers (both work with 80 port). My actual rule:
>> DNAT net dmz:192.168.0.2 tcp 80
>> works well for one server.
>> At eth0 I have 3 public IPs and I want to make something like this:
>> all requests to public IP one to port 80 (151.36.32.132) nat to dmz IP
>> 192.168.0.2 and
>> requests to port 80 to second public IP (151.36.32.134) nat to dmz IP
>> 192.168.0.4
>
> The answer to this question can be found at:
>
> a) The Shorewall FAQ -- FAQ #1 (If you want to forward requests directed
> to a particular address....).
>
> b) The Aliased interface documentation
> (http://shorewall.net/Shorewall_and_Aliased_Interfaces.html) in the DNAT
> section.
>
> c) The examples in your own rules file (All http requests from the
> internet to address 130.252.100.69 are to be forwarded to 192.168.1.3).
>
> Be that as it may, the two rules you need are:
>
> DNAT net dmz:192.168.0.2 tcp 80 - 151.36.32.132
> DNAT net dmz:192.168.0.4 tcp 80 - 151.36.32.134
>
> You must of course have the public IP addresses configured on your
> external interface (see reference b above) or they must be routed to your
> firewall by the upstream router.
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep@shorewall.net