dear all,
i have one machine running as router and firewall using shorewall version
2.4.1 (redhat 9.0) and i want to forward packet coming from NET to local
network, example
eth0 eth1: 192.168.0.100
eth0:0
from internet--> shorewall machine----> local net
Public IP IP Class C
eth0:202.152.172.xx1
eth0:0 202.152.172.xx2
1. ssh with putty from Net -> local net ip:192.168.0.101 (portforwarding)
(messages: connection refused) can't connect to host
2. from NET -> Local Net (192.168.0.200 port 8481 -ip camera)
(messages: net2fw ACCEPT........)
i can't connect to host
my shorewall configuration:
1: interfaces
net eth0 detect routefilter,norfc1918,nosmurf,nobogons,tcpflags
loc eth1 detect tcpflags,blacklist
2. zones
net NET internet devices
loc LOCAL Local Network
3.masq
eth0 192.168.0.0/24 202.152.172.xx1
eth0:0 192.168.0.0/24 202.152.172.xx2
4.policy
net fw ACCEPT info
loc net ACCEPT info
fw net ACCEPT info
net all DROP info
all all REJECT info
5. rules:
DNAT net loc:192.168.0.101 tcp 22
DNAT net loc:192.168.0.200 tcp 8481
i'm not expert using shorewall, so i think i make something wrong in my
configuration????.
bests regards,
eddy
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> dear all,
>
> i have one machine running as router and firewall using shorewall version
> 2.4.1 (redhat 9.0) and i want to forward packet coming from NET to local
> network, example
>
> eth0 eth1: 192.168.0.100
> eth0:0
> from internet--> shorewall machine----> local net
> Public IP IP Class C
> eth0:202.152.172.xx1
> eth0:0 202.152.172.xx2
>
> 1. ssh with putty from Net -> local net ip:192.168.0.101 (portforwarding)
> (messages: connection refused) can't connect to host
>
> 2. from NET -> Local Net (192.168.0.200 port 8481 -ip camera)
> (messages: net2fw ACCEPT........)
> i can't connect to host
>
> my shorewall configuration:
>
> 1: interfaces
> net eth0 detect routefilter,norfc1918,nosmurf,nobogons,tcpflags
> loc eth1 detect tcpflags,blacklist
>
> 2. zones
> net NET internet devices
> loc LOCAL Local Network
>
> 3.masq
> eth0 192.168.0.0/24 202.152.172.xx1
> eth0:0 192.168.0.0/24 202.152.172.xx2
>
> 4.policy
> net fw ACCEPT info

This is bad... change it to DROP

> loc net ACCEPT info
> fw net ACCEPT info
> net all DROP info
> all all REJECT info
>
> 5. rules:
> DNAT net loc:192.168.0.101 tcp 22
> DNAT net loc:192.168.0.200 tcp 8481
>

You need to state the original destination here:

DNAT net loc:192.168.0.101 tcp 22 - 202.152.172.xx1
DNAT net loc:192.168.0.200 tcp 8481 - 202.152.172.xx2

> i'm not expert using shorewall, so i think i make something wrong in my
> configuration????.
>
>
> bests regards,
>
>
> eddy

Think that should help.

Jerry
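
The two changes suggested in the reply, written as a small check over Shorewall policy and rules text (an added example, not code from either poster or from the Shorewall project). It assumes whitespace-separated columns in the order used in the reply's rules, with the original destination in the seventh column; the config strings are constructed from the thread and the function names are hypothetical.

```python
# Added example (not from the thread or the Shorewall project).
# Config text is constructed from the messages above; addresses are masked as posted.
POLICY = """\
net  fw   ACCEPT  info
loc  net  ACCEPT  info
fw   net  ACCEPT  info
net  all  DROP    info
all  all  REJECT  info
"""
RULES_POSTED = """\
DNAT  net  loc:192.168.0.101  tcp  22
DNAT  net  loc:192.168.0.200  tcp  8481
"""
RULES_SUGGESTED = """\
DNAT  net  loc:192.168.0.101  tcp  22    -  202.152.172.xx1
DNAT  net  loc:192.168.0.200  tcp  8481  -  202.152.172.xx2
"""

def rows(text):
    """Yield (line number, columns), skipping blank lines and '#' comments."""
    for n, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()
        if cols:
            yield n, cols

def lint_policy(text, untrusted="net", firewall="fw"):
    """Flag a blanket ACCEPT policy from the untrusted zone to the firewall."""
    return [(n, f"policy {untrusted}->{firewall} is ACCEPT; the reply suggests DROP")
            for n, cols in rows(text)
            if cols[:3] == [untrusted, firewall, "ACCEPT"]]

def lint_dnat(text):
    """Flag DNAT rules whose original-destination column (7th) is absent or '-'."""
    findings = []
    for n, cols in rows(text):
        if cols[0].split(":")[0] != "DNAT":  # the action may carry ':loglevel'
            continue
        original_dest = cols[6] if len(cols) > 6 else "-"
        if original_dest == "-":
            target = " ".join(cols[2:5])
            findings.append((n, f"DNAT to {target} has no original destination"))
    return findings

if __name__ == "__main__":
    for name, found in (("policy", lint_policy(POLICY)),
                        ("rules (posted)", lint_dnat(RULES_POSTED)),
                        ("rules (suggested)", lint_dnat(RULES_SUGGESTED))):
        print(name, found or "ok")
```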