Most low-end broadband routers have a DMZ function which can "expose" one of your LAN IPs to the public. Does anyone know how to do this in shorewall?

Here's my problem. I've got a 192.168.0.0/24 network behind a broadband router (192.168.0.1) and there's a "special" VoIP device inside my LAN (192.168.0.100) which doesn't do standard H323 (for some reason we have to use it). I'm going to change the broadband router to a linux box for VPN connections. The broadband router was set up by the company which sells us the VoIP device, and that company is also offering the VoIP service. I've got access to the broadband router and I found out that they're port forwarding a few tcp and udp ports to the VoIP device. Also, they set the VoIP device as the DMZ in the router.

Then I set up the linux box and did the same port forwarding as the broadband router does. But the VoIP doesn't work. So I called up the tech support of that company and they said you must do that port forwarding and also set the VoIP device as the DMZ.

Actually, I've been very confused about this broadband router DMZ function for a long time. As far as I know, a DMZ is actually a separate network from your LAN, so what is that DMZ inside your LAN? And if you already "expose" your "1 IP DMZ" from the broadband router, what's the point of doing port forwarding to the same IP?

Since the broadband router is using linux (sercomm), I'm sure the linux box can do it too. So doesn't anyone know how to do this in shorewall? If shorewall can't do it, how can I do it in iptables?

btw, I can't use 1 to 1 NAT because we only get 1 dynamic IP from the ISP.

Thanks for answering.