Hello Shorewall-users!

After following supplied documentation, mail threads and trying so far I still can't figure out how to make DNAT net to net work in my Shorewall box.

Basically I want to forward all incoming HTTP requests from the Internet that come to my Shorewall box (5.6.7.8) to another machine (1.2.3.4) at the Internet zone also.

These are my configs.

Shorewall version: 3.2.2
OS: Debian 3.1
Kernel: 2.4.27
Eth0 IP: 5.6.7.8 mask: 255.255.255.224
IP_FORWARDING=On
DETECT_DNAT_IPADDRS=No
Shorewall status: running
Text editor used: vi

'shorewall show nat' command:
    Chain net_dnat (1 references)
    pkts bytes target prot opt in out source destination
    1 60 DNAT tcp -- * * 0.0.0.0/0 5.6.7.8 tcp dpt:80 to:1.2.3.4

some output generated at '/var/log/shorewall-init.log':
    Setting up Masquerading/SNAT...
    WARNING: default route ignored on interface eth0

zones file:
    fw firewall
    net ipv4

interfaces file:
    net eth0 detect routeback

masq file:
    eth0 eth0 5.6.7.8 tcp 80

policy file:
    $FW net ACCEPT
    net net DROP
    net all DROP info
    all all REJECT info

rules file:
    ACCEPT $FW net icmp
    SSH/ACCEPT net $FW
    DNAT net net:1.2.3.4 tcp 80 - 5.6.7.8

Please can someone give insight where I missed something.

Thank you for your kind attention.

Regards,
Mark

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
-------------------------------------------------------------------------
On Fri, 2006-08-18 at 01:34 +0700, Mark Rompies wrote:
>
> masq file:
> eth0 eth0 5.6.7.8 tcp 80

eth0 !<local network> 5.6.7.8 tcp 80

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

-------------------------------------------------------------------------
Tom,

It works perfectly. I'm very impressed with Shorewall.

As of your given clue, I changed the 'masq' file to:

    eth0 !255.255.255.224 5.6.7.8 tcp 80

Thank you very much for your help and < 1 min response :)

Regards,
Mark

On 8/18/06, Tom Eastep <teastep@shorewall.net> wrote:
> On Fri, 2006-08-18 at 01:34 +0700, Mark Rompies wrote:
> >
> > masq file:
> > eth0 eth0 5.6.7.8 tcp 80
>
> eth0 !<local network> 5.6.7.8 tcp 80
>
> -Tom

-------------------------------------------------------------------------
On Fri, 2006-08-18 at 02:34 +0700, Mark Rompies wrote:
> Tom,
>
> It works perfectly. I'm very impressed of Shorewall.
>
> As of your given clue, i changed 'masq' file to:
> eth0 !255.255.255.224 5.6.7.8 tcp 80

That isn't right (although it probably works). I would expect something like:

    eth0 !192.168.2.0/24 5.6.7.8 tcp 80

where 192.168.2.0/24 is your local network.

-Tom

-------------------------------------------------------------------------
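Added example, not part of the original thread and not Shorewall code: a small Python check of why '!255.255.255.224' "probably works" while excluding nothing useful. It assumes the negated source is matched the way iptables matches a negated source address (a bare address means a single host), and it uses 5.6.7.0/27, derived from the Eth0 IP and mask posted in the first message, as a stand-in for the local network; the sample source addresses are constructed.

```python
import ipaddress


def parse_negated_source(entry):
    """Parse a '!<address-or-network>' source match.

    Assumption: a bare address with no prefix length is a single host (/32),
    as in an iptables source match.
    """
    if not entry.startswith("!"):
        raise ValueError("expected a negated source such as '!192.168.2.0/24'")
    return ipaddress.ip_network(entry[1:], strict=True)


def is_snatted(source_ip, entry):
    """True if a packet from source_ip matches the negated source (SNAT applies)."""
    return ipaddress.ip_address(source_ip) not in parse_negated_source(entry)


def connected_network(ip, netmask):
    """CIDR network that an interface address and dotted netmask belong to."""
    return str(ipaddress.ip_interface(f"{ip}/{netmask}").network)


if __name__ == "__main__":
    # Values from the first message: Eth0 IP and mask.
    local_net = connected_network("5.6.7.8", "255.255.255.224")
    print("network for Eth0:", local_net)

    # Constructed sample sources: one host inside that network, one outside it.
    samples = ["5.6.7.20", "203.0.113.9"]
    for entry in ("!255.255.255.224", "!" + local_net):
        excluded = parse_negated_source(entry)
        print(f"\nsource column {entry} -> excludes {excluded}")
        for src in samples:
            verdict = "SNAT" if is_snatted(src, entry) else "left alone"
            print(f"  {src:<12} {verdict}")
```

With the netmask typed in as if it were a network, only the single address 255.255.255.224 is excluded, so every real source is rewritten, including hosts on the local network that the negated entry was meant to leave alone.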