Hello,

I am running version 3.0.4 on Ubuntu Server. My firewall has a public IP (x.y.z.24). I want another public IP (x.y.z.56) and want to redirect all of the traffic that comes to it from the internet to a local IP address (192.168.10.250). Could I do it?
In iptables it looks like:

ifconfig eth0:1 x.y.z.56
iptables -A INPUT -d x.y.z.56 -j ACCEPT
iptables -t nat -A PREROUTING -d x.y.z.56 -j DNAT --to-destination 192.168.10.250

I tried to make it with shorewall, but when I write to the interfaces

net2 eth0:1 detect

it gave me an error, doesn't like the eth0:1

Best regards,
Gabor

Kiss Gábor wrote:
> Hello,
>
> I am running version 3.0.4 on Ubuntu Server. My firewall has a public IP
> (x.y.z.24). I want another public IP (x.y.z.56) and want to redirect
> all of the traffic that comes to it from the internet to a local IP
> address (192.168.10.250). Could I do it?
> In iptables it looks like:
>
> ifconfig eth0:1 x.y.z.56
> iptables -A INPUT -d x.y.z.56 -j ACCEPT
> iptables -t nat -A PREROUTING -d x.y.z.56 -j DNAT --to-destination 192.168.10.250
>
> I tried to make it with shorewall, but when I write to the interfaces
>
> net2 eth0:1 detect
>
> it gave me an error, doesn't like the eth0:1

Please read

http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html

Sounds like you want to use one-to-one NAT.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> Kiss Gábor wrote:
>
>> Hello,
>>
>> I am running version 3.0.4 on Ubuntu Server. My firewall has a public IP
>> (x.y.z.24). I want another public IP (x.y.z.56) and want to redirect
>> all of the traffic that comes to it from the internet to a local IP
>> address (192.168.10.250). Could I do it?
>> In iptables it looks like:
>>
>> ifconfig eth0:1 x.y.z.56
>> iptables -A INPUT -d x.y.z.56 -j ACCEPT
>> iptables -t nat -A PREROUTING -d x.y.z.56 -j DNAT --to-destination 192.168.10.250
>>
>> I tried to make it with shorewall, but when I write to the interfaces
>>
>> net2 eth0:1 detect
>>
>> it gave me an error, doesn't like the eth0:1
>>
>
> Please read
>
> http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html
>
> Sounds like you want to use one-to-one NAT.
>
> -Tom
>

Yes, I tried it but I think I did something wrong because it didn't work. After that I tried the separate DNAT rule, and it works fine.
I will try the one-to-one NAT again. Thanks.

Kiss Gábor wrote:
> Tom Eastep wrote:
>> Kiss Gábor wrote:
>>
>>> Hello,
>>>
>>> I am running version 3.0.4 on Ubuntu Server. My firewall has a public IP
>>> (x.y.z.24). I want another public IP (x.y.z.56) and want to redirect
>>> all of the traffic that comes to it from the internet to a local IP
>>> address (192.168.10.250). Could I do it?
>>> In iptables it looks like:
>>>
>>> ifconfig eth0:1 x.y.z.56
>>> iptables -A INPUT -d x.y.z.56 -j ACCEPT
>>> iptables -t nat -A PREROUTING -d x.y.z.56 -j DNAT --to-destination 192.168.10.250
>>>
>>> I tried to make it with shorewall, but when I write to the interfaces
>>>
>>> net2 eth0:1 detect
>>>
>>> it gave me an error, doesn't like the eth0:1
>>>
>>
>> Please read
>>
>> http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html
>>
>> Sounds like you want to use one-to-one NAT.
>>
>> -Tom
>>
> Yes, I tried it but I think I did something wrong because it didn't
> work. After that I tried the separate DNAT rule, and it works fine.
> I will try the one-to-one NAT again. Thanks.

DNAT rules are also ok. Remember that if you use one-to-one NAT, you still need ACCEPT rules to allow the traffic. The entry in /etc/shorewall/nat just arranges for the header addresses to be rewritten; it doesn't allow any traffic.

-Tom
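The point in Tom's last reply, as an added example that is not part of the original thread and not Shorewall's own code: a small Python check that lists hosts mapped in /etc/shorewall/nat which no plain ACCEPT rule in /etc/shorewall/rules names as a destination. The sample file contents are constructed; the zone names net and loc and TCP port 80 are assumptions, and policies and macros are not evaluated.

```python
# Constructed sample of /etc/shorewall/nat using the thread's addresses.
NAT_FILE = """\
#EXTERNAL   INTERFACE   INTERNAL         ALL INTERFACES   LOCAL
x.y.z.56    eth0:1      192.168.10.250   No               No
"""

# Constructed /etc/shorewall/rules: outbound web only, nothing for the NATed host.
RULES_WITHOUT_ACCEPT = """\
#ACTION  SOURCE  DEST                 PROTO  DEST PORT(S)
ACCEPT   loc     net                  tcp    80
"""

# Same rules plus an ACCEPT naming the internal address (zones/port assumed).
RULES_WITH_ACCEPT = RULES_WITHOUT_ACCEPT + """\
ACCEPT   net     loc:192.168.10.250   tcp    80
"""


def rows(text):
    """Yield whitespace-split columns of non-comment, non-blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()


def nat_internal_hosts(nat_text):
    """Map internal address -> external address from the nat file."""
    return {cols[2]: cols[0] for cols in rows(nat_text) if len(cols) >= 3}


def accepted_hosts(rules_text):
    """Addresses written as zone:address in the DEST column of ACCEPT rules."""
    hosts = set()
    for cols in rows(rules_text):
        action = cols[0].split(":")[0].upper()  # tolerate ACCEPT:loglevel
        if len(cols) >= 3 and action == "ACCEPT" and ":" in cols[2]:
            hosts.update(cols[2].split(":", 1)[1].split(","))
    return hosts


def nat_without_accept(nat_text, rules_text):
    """Return (external, internal) pairs that are NATed but never ACCEPTed."""
    allowed = accepted_hosts(rules_text)
    mapping = nat_internal_hosts(nat_text)
    return sorted((ext, inner) for inner, ext in mapping.items()
                  if inner not in allowed)
```

An empty result means every one-to-one NAT target has at least one explicit ACCEPT rule; a non-empty result lists mappings whose headers are rewritten but whose traffic no rule allows.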