hi all, my linux internet gateway has one fixed public ip and there are several servers on the local net. how to config shorewall such that it can forward a port on the external int. to another port on to a server in local net. Simply speaking, external port http 8000 forward to internal port http 80 I used the DNAT to specify the source port as 8000 and dest port to 80 but it didn''t work. I saw that in the log shorewall didn''t translate port 8000 to 80 before forwarding to the server that''s why I can''t open a web page.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 could you please provide some more information? please gimme the DNAT rule and the logentry of the hit you described. Alex Adrian Mak wrote: | hi all, | | my linux internet gateway has one fixed public ip and there are | several servers on the local net. | | how to config shorewall such that it can forward a port on the | external int. to another port on to a server in local net. Simply | speaking, | external port http 8000 forward to internal port http 80 | I used the DNAT to specify the source port as 8000 and dest port to 80 | but it didn''t work. I saw that in the log shorewall didn''t translate | port 8000 to 80 before forwarding to the server | | that''s why I can''t open a web page. | _______________________________________________ | Shorewall-users mailing list | Post: Shorewall-users@lists.shorewall.net | Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users | Support: http://www.shorewall.net/support.htm | FAQ: http://www.shorewall.net/FAQ.htm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) iD8DBQFBfipTn4yHpyS1rqARAhbwAJ4ueVtIaUM5VaF06XoJ3lJM8IwG1ACfYOcA 9wDY83dsDM9q0/HOS975W1s=gDTu -----END PGP SIGNATURE-----
On Tuesday 26 October 2004 03:23, Adrian Mak wrote:> hi all, > > my linux internet gateway has one fixed public ip and there are > several servers on the local net. > > how to config shorewall such that it can forward a port on the > external int. to another port on to a server in local netThat is Shorwall FAQ 1C!!! (http://shorewall.net/FAQ.htm#faq1c) -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The rule should be something like this:
DNAT net loc:192.168.100.100:80 tcp 8080 - all
You better read again TomĀ“s nice examples written to the top of the
rules file and the FAQ
Alex
Adrian Mak wrote:
| here is my network sample configurations
|
| linux gateway:
| ext: 192.168.103.1/24 , external network 192.168.103.0
| int: 192.168.100.1/24 , internal network 192.168.100.0
|
| web server:
| 192.168.100.100 with http port 80
|
| My scenario is I want users on the external network use 8080 as the
| http port to access the web server which http port is 80 located in
| the internal network
|
| user will access the web server by url
| http://192.168.103.1:8080
|
| #ACTION SOURCE DEST PROTO DEST PORT SOURCE
| ORIGINAL
| # PORT
DEST.
| DNAT any loc:192.168.100.100 tcp 80
| 8080 192.168.103.1
|
|
| On Tue, 26 Oct 2004 12:43:31 +0200, Alexander Wilms
| <alex.wilms@adminguru.org> wrote:
|
| could you please provide some more information?
|
| please gimme the DNAT rule and the logentry of the hit you described.
|
| Alex
|
| Adrian Mak wrote:
| | hi all,
|
|
| |
| | my linux internet gateway has one fixed public ip and there are
| | several servers on the local net.
| |
| | how to config shorewall such that it can forward a port on the
| | external int. to another port on to a server in local net. Simply
| | speaking,
| | external port http 8000 forward to internal port http 80
| | I used the DNAT to specify the source port as 8000 and dest port to 80
| | but it didn''t work. I saw that in the log shorewall didn''t
translate
| | port 8000 to 80 before forwarding to the server
| |
| | that''s why I can''t open a web page.
| | _______________________________________________
| | Shorewall-users mailing list
| | Post: Shorewall-users@lists.shorewall.net
| | Subscribe/Unsubscribe:
| https://lists.shorewall.net/mailman/listinfo/shorewall-users
| | Support: http://www.shorewall.net/support.htm
| | FAQ: http://www.shorewall.net/FAQ.htm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
iD8DBQFBf8crn4yHpyS1rqARAtqdAJ4hr6nmqw3+wEFfmzkpFfYX19RWrwCgl6eX
Pb49ur62ieYhZkuU0aqVDps=oJSJ
-----END PGP SIGNATURE-----