How can I solve the following problem with Shorewall?

Computer A (192.1.41.1) should be passed through Shorewall from net to DMZ-Computer X (10.1.75.1).
Computer B (192.1.74.1) should be passed through Shorewall from net to DMZ-Computer Y (10.1.75.2).
Both inquiries run on port 22.

How does the rule have to look?

Many thanks

Michael

This is http://www.shorewall.net/FAQ.htm#faq1

Make sure you substitute your own zone name for "loc" in the example.

- Bob Coffman

-----Original Message-----
From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] On Behalf Of Michael Menkhoff
Sent: Monday, October 16, 2006 3:42 PM
To: Shorewall Users
Subject: [Shorewall-users] Forwarding

How can I solve the following problem with Shorewall?

Computer A (192.1.41.1) should be passed through Shorewall from net to DMZ-Computer X (10.1.75.1).
Computer B (192.1.74.1) should be passed through Shorewall from net to DMZ-Computer Y (10.1.75.2).
Both inquiries run on port 22.

How does the rule have to look?

Many thanks

Michael

Michael Menkhoff wrote:
> How can I solve the following problem with Shorewall?
>
> Computer A (192.1.41.1) should be passed through Shorewall from net
> to DMZ-Computer X (10.1.75.1).
> Computer B (192.1.74.1) should be passed through Shorewall from net
> to DMZ-Computer Y (10.1.75.2).
> Both inquiries run on port 22.
>
> How does the rule have to look?
>

You haven't told us enough for us to answer the question.

Does computer A know that it must route traffic to 10.1.75.2 through the Shorewall box? Does 10.1.75.2 know that it must route traffic to computer A through the Shorewall box?

Does the Shorewall box masquerade the DMZ to the net? If so, do you want traffic from B to A to have source IP 10.1.75.2 or do you want it to have the source IP equal to the external interface of the Shorewall box? If it is to be 10.1.75.2, then the answer to the very first question above must be Yes.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

Would this be OK?

DNAT net:192.1.41.1:22 dmz:10.1.75.1 tcp 22

Michael

Michael Menkhoff wrote:
> Would this be OK?
>
> DNAT net:192.1.41.1:22 dmz:10.1.75.1 tcp 22
>

Omit the ":22"

DNAT net:192.1.41.1 dmz:10.1.75.1 tcp 22

That rule assumes that you want to "port forward" port 22. It will allow host 192.1.41.1 to connect to port 22 using the firewall's external IP address as the destination; the request will be forwarded to 10.1.71.1 in the DMZ.

-Tom

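Added example, not part of Tom's message and not Shorewall's own code: a small checker that parses DNAT lines in the rules-file layout used above, rejects a SOURCE column carrying a port suffix (the ":22" Tom says to omit), and shows which DMZ host a given client is forwarded to. The rule for host B is an assumption built by analogy with Tom's rule for host A, and the matching is a simplified model (one address or CIDR per SOURCE, one port per rule).

```python
import ipaddress

# Constructed sample of a rules-file fragment: Tom's rule, the rejected first
# attempt with ":22" in SOURCE, and an assumed analogous rule for host B.
SAMPLE_RULES = """\
#ACTION  SOURCE             DEST            PROTO  DEST PORT(S)
DNAT     net:192.1.41.1     dmz:10.1.75.1   tcp    22
DNAT     net:192.1.41.1:22  dmz:10.1.75.1   tcp    22
DNAT     net:192.1.74.1     dmz:10.1.75.2   tcp    22
"""

def parse_dnat(text):
    """Return (rules, errors) for the DNAT lines in a rules-file fragment."""
    rules, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 5 or fields[0] != "DNAT":
            continue
        _, source, dest, proto, dport = fields[:5]
        zone, _, host = source.partition(":")
        try:
            # A bare zone means "any host"; otherwise require an address/CIDR.
            net = ipaddress.ip_network(host) if host else None
        except ValueError:
            errors.append((n, f"bad SOURCE {source!r}: expected zone[:address]"))
            continue
        rules.append({"zone": zone, "net": net, "proto": proto,
                      "dport": dport, "dest": dest.partition(":")[2]})
    return rules, errors

def forward_target(rules, zone, src_ip, proto, dport):
    """Return the DMZ address of the first rule matching the connection."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if (r["zone"], r["proto"], r["dport"]) != (zone, proto, str(dport)):
            continue
        if r["net"] is None or ip in r["net"]:
            return r["dest"]
    return None  # no DNAT rule applies to this source

if __name__ == "__main__":
    rules, errors = parse_dnat(SAMPLE_RULES)
    for lineno, msg in errors:
        print(f"line {lineno}: {msg}")
    for client in ("192.1.41.1", "192.1.74.1", "192.1.99.9"):
        print(client, "->", forward_target(rules, "net", client, "tcp", 22))
```

Because each rule names a single source host, a client other than A or B matches no DNAT rule in this model, so port 22 on the external address is forwarded only for the two hosts listed.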
I think that I try it in such a way. This was the problem definition.

Michael