dear all,

i have one machine running as router and firewall using shorewall version 2.4.1 (redhat 9.0) and i want to forward packet coming from NET to local network, example

eth0 eth1: 192.168.0. 100
eth0:0
from internet--> shorewall machine----> local net
Public IP IP Class C
eth0:202.152.172.xx1
eth0:0 202.152.172.xx2

1. ssh with putty from Net -> local net ip:192.168.0.101 (portforwarding)
(messages: connection refused) can't connect to host

2. from NET -> Local Net (192.168.0.200 port 8481 -ip camera)
(messages: net2fw ACCEPT........)
i can't connect to host

my shorewall configuration:

1: interfaces
net eth0 detect routefilter,norfc1918,nosmurf,nobogons,tcpflags
loc eth1 detect tcpflags,blacklist

2. zones
net NET internet devices
loc LOCAL Local Network

3.masq
eth0 192.168.0.0/24 202.152.172.xx1
eth0:0 192.168.0.0/24 202.152.172.xx2

4.policy
net fw ACCEPT info
loc net ACCEPT info
fw net ACCEPT info
net all DROP info
all all REJECT info

5. rules:
DNAT net loc:192.168.0.101 tcp 22
DNAT net loc:192.168.0.200 tcp 8481

i'm not expert using shorewall, so i think i make something wrong in my configuration????.

best regards,

eddy

-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> dear all,
>
> i have one machine running as router and firewall using shorewall version
> 2.4.1 (redhat 9.0) and i want to forward packet coming from NET to local
> network, example
>
> eth0 eth1: 192.168.0. 100
> eth0:0
> from internet--> shorewall machine----> local net
> Public IP IP Class C
> eth0:202.152.172.xx1
> eth0:0 202.152.172.xx2
>
> 1. ssh with putty from Net -> local net ip:192.168.0.101 (portforwarding)
> (messages: connection refused) can't connect to host
>
> 2. from NET -> Local Net (192.168.0.200 port 8481 -ip camera)
> (messages: net2fw ACCEPT........)
> i can't connect to host
>
> my shorewall configuration:
>
> 1: interfaces
> net eth0 detect
> routefilter,norfc1918,nosmurf,nobogons,tcpflags
> loc eth1 detect tcpflags,blacklist
>
> 2. zones
> net NET internet devices
> loc LOCAL Local Network
>
> 3.masq
> eth0 192.168.0.0/24 202.152.172.xx1
> eth0:0 192.168.0.0/24 202.152.172.xx2
>
> 4.policy
> net fw ACCEPT info

This is bad... change it to DROP

> loc net ACCEPT info
> fw net ACCEPT info
> net all DROP info
> all all REJECT info
>
> 5. rules:
> DNAT net loc:192.168.0.101 tcp 22
> DNAT net loc:192.168.0.200 tcp 8481
>

You need to state the original destination here:

DNAT net loc:192.168.0.101 tcp 22 - 202.152.172.xx1
DNAT net loc:192.168.0.200 tcp 8481 - 202.152.172.xx2

> i'm not expert using shorewall, so i think i make something wrong in my
> configuration????.
>
>
> best regards,
>
>
> eddy

Think that should help.

Jerry
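
The two points made in the reply above (the net-to-fw ACCEPT policy and the DNAT rules without an original destination) can be checked mechanically. This is an added example, not part of the thread; the function names are hypothetical and the column order (ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT ORIGINAL-DEST) is assumed from the rules lines quoted in the reply.

```python
"""Lint Shorewall policy/rules text for the two points raised in the reply."""

# Assumed column layout of a rules line (taken from the reply's corrected rules):
# ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT ORIGINAL-DEST
ORIG_DEST_COL = 6

# Constructed sample input: the policy as posted in the thread.
POLICY = """\
net fw  ACCEPT info
loc net ACCEPT info
fw  net ACCEPT info
net all DROP   info
all all REJECT info
"""
# Constructed sample input: first rule as posted, second as corrected in the reply.
RULES = """\
DNAT net loc:192.168.0.101 tcp 22
DNAT net loc:192.168.0.200 tcp 8481 - 202.152.172.xx2
"""

def _rows(text):
    """Yield (line_no, columns) for non-blank, non-comment lines."""
    for no, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()
        if cols:
            yield no, cols

def lint_policy(text, exposed_zone="net"):
    """Flag policies that ACCEPT all traffic from the exposed zone to fw or all."""
    return [f"policy:{no}: {c[0]}->{c[1]} is ACCEPT, expected DROP"
            for no, c in _rows(text)
            if len(c) >= 3 and c[0] == exposed_zone
            and c[1] in ("fw", "all") and c[2].upper() == "ACCEPT"]

def lint_dnat(text):
    """Flag DNAT rules whose ORIGINAL DEST column is missing or '-'."""
    findings = []
    for no, c in _rows(text):
        if not c[0].upper().startswith("DNAT") or len(c) < 3:
            continue
        orig = c[ORIG_DEST_COL] if len(c) > ORIG_DEST_COL else "-"
        if orig == "-":
            findings.append(f"rules:{no}: DNAT to {c[2]} has no ORIGINAL DEST")
    return findings

if __name__ == "__main__":
    for finding in lint_policy(POLICY) + lint_dnat(RULES):
        print(finding)
```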