Hi!

I want a rule that redirects the incoming connection, based on the connection port, to a remote host in the network (or wherever). So I add the rule:

    DNAT net lan:192.168.11.21 tcp 80

Which isn't routed, or it's rejected in the middle of the way. The IPTables rules are going too, if somebody feels like seeing them.

Thanks in advance.

--
Leonardo Korndorfer
736508766f6365086A610864657508610862756E64696E686108646508756D61087269736164696E6861
alt.not.root.coffe.coffe.coffe
A monk asked Joshu, "Does a dog have the Buddha nature?" Joshu retorted, "Mu!"
MSN: leokorndorfer@hotmail.com
ICQ: 102788426
Slack + Gentoo

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

Leonardo Korndorfer wrote:
> Hi!
>
> I want a rule that redirects the incoming connection, based on the
> connection port, to a remote host in the network (or wherever). So I add
> the rule:
>
>     DNAT net lan:192.168.11.21 tcp 80
>
> Which isn't routed, or it's rejected in the middle of the way. The IPTables
> rules are going too, if somebody feels like seeing them.

Have you followed the DNAT debugging tips in Shorewall FAQs 1a and 1b?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Thanks Tom, here goes the pack count.

    Chain net_dnat (1 references)
     pkts bytes target  prot opt in  out  source      destination
        2   120 DNAT    tcp  --  *   *    0.0.0.0/0   0.0.0.0/0    tcp dpt:80 to:192.168.11.11

So, that's the last line of the debugging. It's reaching the last rule, but that 0.0.0.0/0 destination means what I think that means? The iptables in the host 11.11 is empty.

On 10/18/06, Tom Eastep <teastep@shorewall.net> wrote:
> Have you followed the DNAT debugging tips in Shorewall FAQs 1a and 1b?
>
> -Tom

-- Leonardo Korndorfer

Leonardo Korndorfer wrote:
> Thanks Tom, here goes the pack count.
>
>     Chain net_dnat (1 references)
>      pkts bytes target  prot opt in  out  source      destination
>         2   120 DNAT    tcp  --  *   *    0.0.0.0/0   0.0.0.0/0    tcp dpt:80 to:192.168.11.11
>
> So, that's the last line of the debugging.

That means that the requests are at least reaching your firewall. That usually means that either 192.168.11.11 isn't in the 'lan' zone or that the default gateway on 192.168.11.11 isn't set to the IP address of the firewall's interface to the 'lan' zone.

> It's reaching the last rule, but that 0.0.0.0/0 destination means what I think
> that means?

How could I possibly know what you think it means?

-Tom
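
Added example, not part of any message in the thread and not Shorewall's own code: a small POSIX shell triage of the counter listing discussed above, separating "packets never reach the firewall" from "DNAT fired, so look at the server's zone and default gateway". The SAMPLE listing is constructed from the counters quoted in the thread, and the LAN_CIDR argument (192.168.11.0/24 here) is an assumption standing in for the network behind the 'lan' zone.

```shell
#!/bin/sh
# Added example: triage one DNAT rule from `iptables -t nat -L -n -v` output.
# SAMPLE is constructed from the counters quoted in the thread.
SAMPLE='Chain net_dnat (1 references)
 pkts bytes target prot opt in out source destination
    2   120 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.11.11'

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/PREFIX: succeed when IP lies inside the network.
in_cidr() {
  net=${2%/*}; bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# dnat_triage LISTING PORT LAN_CIDR: print a one-line verdict.
# LAN_CIDR (assumption) stands in for the network behind the 'lan' zone.
dnat_triage() {
  line=$(printf '%s\n' "$1" | awk -v p="dpt:$2" '
    $3 == "DNAT" { for (i = 4; i <= NF; i++) if ($i == p) { print; exit } }')
  if [ -z "$line" ]; then echo "no-rule"; return 0; fi
  pkts=$(printf '%s\n' "$line" | awk '{ print $1 }')
  target=$(printf '%s\n' "$line" | sed -n 's/.* to:\([0-9.]*\).*/\1/p')
  # String compare: without -x, iptables may abbreviate large counters (e.g. 12K).
  if [ "$pkts" = "0" ]; then
    echo "not-reaching-firewall"          # counter never moved: look upstream
  elif ! in_cidr "$target" "$3"; then
    echo "target-outside-lan $target"     # server address is not on the lan network
  else
    echo "check-server-gateway $target"   # DNAT fired: inspect the server's default route
  fi
}

dnat_triage "$SAMPLE" 80 192.168.11.0/24
```

A `check-server-gateway` verdict corresponds to the second cause named in the reply: on the server itself, the default route should point at the firewall's interface address on the 'lan' side.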