On Wednesday 23 November 2005 11:38, Anderson Oliveira wrote:> Hi, > > > > I have at: > > # /etc/shorewall/rules > > DNAT net loc:172.16.20.11:80 tcp 80 - > 201.6.120.4 > > My interface eth0 is 201.6.120.3 > > > My question is..... Is necessary to assing a alias to eth0 with address > 201.6.120.4 ? >Normally, yes. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Hi, I have at: # /etc/shorewall/rules DNAT net loc:172.16.20.11:80 tcp 80 - 201.6.120.4 My interface eth0 is 201.6.120.3 My question is..... Is necessary to assing a alias to eth0 with address 201.6.120.4 ? How can I make it better or correctly? Best Regards, Anderson. ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
Anderson wrote on 23/11/2005 17:41:41:> Hi, > > > > But I need to know........ > > Is necessary to assing a alias in the eth0 with ip address 201.6.120.4???> > I remember that shorewall 1.4.x, is not necessary to assing a alias ip,with> that DNAT rule listed. >Well, you can always test both options and see if it works... Or else, you can read the documentation. I''m sure it talks about this... cheers, -- Eduardo Ferreira
On Wednesday 23 November 2005 12:41, Anderson Oliveira wrote:> Hi, > > > > But I need to know........ > > Is necessary to assing a alias in the eth0 with ip address 201.6.120.4 ??? > > I remember that shorewall 1.4.x, is not necessary to assing a alias ip, > with that DNAT rule listed. >Nothing has changed in that regard since Shorewall 1.4. I don''t know what else I can tell you. You have said absolutely NOTHING about your configuration except for giving us ONE RULE!!! We are not mind-readers. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Hi, But I need to know........ Is necessary to assing a alias in the eth0 with ip address 201.6.120.4 ??? I remember that shorewall 1.4.x, is not necessary to assing a alias ip, with that DNAT rule listed. Best Regards, Anderson. ----- Original Message ----- From: "Tom Eastep" <teastep@shorewall.net> To: <shorewall-users@lists.sourceforge.net> Cc: "Anderson Oliveira" <acw.oliveira@gmail.com> Sent: Wednesday, November 23, 2005 3:39 PM Subject: Re: [Shorewall-users] Problem with DNAT ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
On Wednesday 23 November 2005 11:46, Tom Eastep wrote:> On Wednesday 23 November 2005 12:41, Anderson Oliveira wrote: > > Hi, > > > > > > > > But I need to know........ > > > > Is necessary to assing a alias in the eth0 with ip address 201.6.120.4 > > ??? > > > > I remember that shorewall 1.4.x, is not necessary to assing a alias ip, > > with that DNAT rule listed. > > Nothing has changed in that regard since Shorewall 1.4. I don''t know what > else I can tell you. You have said absolutely NOTHING about your > configuration except for giving us ONE RULE!!! We are not mind-readers.In general, you need to add the address as an alias (see http://shorewall.net/Shorewall_and_Aliased_Interfaces.html) if you want the Shorewall system to respond to ARP "who-has" requests for the address. In the case where traffic to 201.6.120.4 is being routed by upstream routers (and other systems in the external subnet) through 201.6.120.3, then you DO NOT need the alias -- otherwise, you do. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom, Now I understood. As always, thanks a lot. Best Regards, Anderson. ----- Original Message ----- From: "Tom Eastep" <teastep@shorewall.net> To: <shorewall-users@lists.sourceforge.net> Cc: "Anderson Oliveira" <acw.oliveira@gmail.com> Sent: Wednesday, November 23, 2005 8:17 PM Subject: Re: [Shorewall-users] Problem with DNAT ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click