Hi list,
I have a shorewall installed on 2 interfaces which also has multiple static public IP. Let's say I have 1.2.3.4 and 1.2.3.5. I have assigned nat with:

1.2.3.4 eth0 11.22.33.4 no no

But then I have a situation where I need 11.22.33.44 to connect to a host in the net zone and appears also to be 1.2.3.5 not only 1.2.3.4. How to do it? TIA

Willy

Your question is very vague. You need to ask with more given details, like this:
my firewall has eth0 with IP address 1.2.3.4, eth1 with IP address....

sangprabv wrote:
> Hi list,
> I have a shorewall installed on 2 interfaces which also has multiple
> static public IP. Let's say I have 1.2.3.4 and 1.2.3.5. I have assigned
> nat with:
>
> 1.2.3.4 eth0 11.22.33.4 no no
>
> But then I have a situation where I need 11.22.33.44 to connect to a
> host in the net zone and appears also to be 1.2.3.5 not only 1.2.3.4.
> How to do it? TIA

"...not only 1.2.3.4 ...."
Please elaborate what you mean.

> Willy
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

Ljubomir Ljubojevic wrote:
> Your question is very vague. You need to ask with more given details,
> like this:
> my firewall has eth0 with IP address 1.2.3.4, eth1 with IP address....

Or better yet, read http://www.shorewall.net/support.htm#Guidelines

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Thanks for correction. My firewall has eth0 with IP 1.2.3.1 as the public IP, and eth1 with IP 11.22.33.11 as the local IP. Currently I have assigned public IP 1.2.3.4 to be handled by local IP 11.22.33.44. But in other case I also want my local IP 11.22.33.44 appears to be public IP 1.2.3.5 from the internet. How to do it with shorewall? TIA.

Willy

sangprabv wrote:
> Thanks for correction. My firewall has eth0 with IP 1.2.3.1 as the
> public IP, and eth1 with IP 11.22.33.11 as the local IP. Currently I
> have assigned public IP 1.2.3.4 to be handled by local IP 11.22.33.44.
> But in other case I also want my local IP 11.22.33.44 appears to be
> public IP 1.2.3.5 from the internet. How to do it with shorewall? TIA.

Your question still is as clear as mud -- but:

- DNAT rules in /etc/shorewall/rules override entries in /etc/shorewall/nat.

- Entries in /etc/shorewall/masq that begin with '+' override entries in
  /etc/shorewall/nat.

Hope that helps.

-Tom

Tom Eastep wrote:
> sangprabv wrote:
>> Thanks for correction. My firewall has eth0 with IP 1.2.3.1 as the
>> public IP, and eth1 with IP 11.22.33.11 as the local IP. Currently I
>> have assigned public IP 1.2.3.4 to be handled by local IP 11.22.33.44.
>> But in other case I also want my local IP 11.22.33.44 appears to be
>> public IP 1.2.3.5 from the internet. How to do it with shorewall? TIA.
>
> Your question still is as clear as mud -- but:

He has 2 public IP's and wishes that both IP's point (DNAT) to only one local IP, at the same time.

sangprabv, try adding another, aliased private IP on your server and add second DNAT rule with public IP2 and private IP2, or please try to treat your problem as Multiple-ISP system with DNAT and read www.shorewall/MultiISP.html.

Currently I have DNAT rules like here:
DNAT net loc:11.22.33.44 tcp 80 1.2.3.4
DNAT net loc:11.22.33.44 tcp 80 1.2.3.5

nat:
1.2.3.4 eth1 11.22.33.44

masq:
+eth0 eth1

Still can not work.

Willy

On Sat, 2009-05-02 at 20:30 -0700, Tom Eastep wrote:
> Your question still is as clear as mud -- but:
>
> - DNAT rules in /etc/shorewall/rules override entries in /etc/shorewall/nat.
>
> - Entries in /etc/shorewall/masq that begin with '+' override entries in
>   /etc/shorewall/nat.
>
> Hope that helps.
>
> -Tom

sangprabv wrote:
> Currently I have DNAT rules like here:
> DNAT net loc:11.22.33.44 tcp 80 1.2.3.4
> DNAT net loc:11.22.33.44 tcp 80 1.2.3.5
>
> nat:
> 1.2.3.4 eth1 11.22.33.44

Create 11.22.33.45 on your server, and add this:
1.2.3.5 eth1 11.22.33.45
and try deleting DNAT rules.

> masq:
> +eth0 eth1
>
> Still can not work.
>
> Willy

Hi,
I'm a bit confused. 11.22.33.45 is a private IP which is owned by a server behind my firewall. If you ask me to create that IP on my shorewall server, I think it will cause a conflict, right? And FYI 1.2.3.5 is the public IP. TIA.

Willy

On Sun, 2009-05-03 at 12:47 +0200, Ljubomir Ljubojevic wrote:
> Create 11.22.33.45 on your server, and add this:
> 1.2.3.5 eth1 11.22.33.45
> and try deleting DNAT rules.

I am saying that you use 2 private IP's (xxx.yyy.zzz.1 and xxx.yyy.zzz.2) on your server behind your shorewall FIREWALL or ROUTER (it's in no way server) and then DNAT your public IP's (aaa.bbb.ccc.1 and aaa.bbb.ccc.2) to those private IP's on your server behind firewall:

nat:
aaa.bbb.ccc.1 eth1 xxx.yyy.zzz.1
aaa.bbb.ccc.2 eth1 xxx.yyy.zzz.2

So, once more: server has to have two IP's:
private1 = xxx.yyy.zzz.1
private2 = xxx.yyy.zzz.2

and there are two public IP's on firewall (shorewall):
public1 = aaa.bbb.ccc.1
public2 = aaa.bbb.ccc.2

and you DNAT public1 to private1 and public2 to private2

I am not able to explain it more simply.

Ljubomir

sangprabv wrote:
> Hi,
> I'm a bit confused. 11.22.33.45 is a private IP which is owned by a server
> behind my firewall. If you ask me to create that IP on my shorewall
> server, I think it will cause a conflict, right? And FYI 1.2.3.5 is the public
> IP. TIA.
>
> Willy

Alright, got the idea. Thanks a lot. But is it possible if I want public IP aa.bb.cc.1:22 port forwarded to private IP xx.yy.zz.1:22 and public IP aa.bb.cc.1:80 port forwarded to private IP xx.yy.zz.2:80 while xx.yy.zz.2 also appears as aa.bb.cc.2 from the internet? TIA.

Willy

On Sun, 2009-05-03 at 14:07 +0200, Ljubomir Ljubojevic wrote:
> I am saying that you use 2 private IP's (xxx.yyy.zzz.1 and
> xxx.yyy.zzz.2) on your server behind your shorewall FIREWALL or ROUTER
> (it's in no way server) and then DNAT your public IP's (aaa.bbb.ccc.1
> and aaa.bbb.ccc.2) to those private IP's on your server behind firewall:
>
> nat:
> aaa.bbb.ccc.1 eth1 xxx.yyy.zzz.1
> aaa.bbb.ccc.2 eth1 xxx.yyy.zzz.2
>
> So, once more: server has to have two IP's:
> private1 = xxx.yyy.zzz.1
> private2 = xxx.yyy.zzz.2
>
> and there are two public IP's on firewall (shorewall):
> public1 = aaa.bbb.ccc.1
> public2 = aaa.bbb.ccc.2
>
> and you DNAT public1 to private1 and public2 to private2
>
> I am not able to explain it more simply.
>
> Ljubomir

sangprabv wrote:
> Alright, got the idea. Thanks a lot. But is it possible if I want public IP
> aa.bb.cc.1:22 port forwarded to private IP xx.yy.zz.1:22 and public IP
> aa.bb.cc.1:80 port forwarded to private IP xx.yy.zz.2:80 while
> xx.yy.zz.2 also appears as aa.bb.cc.2 from the internet? TIA.
>
> Willy

Judging by this below, yes, you should, with DNAT rule in /etc/shorewall/rules, but you will have to test this, or Tom will answer you.

>>>>> On Sat, 2009-05-02 at 20:30 -0700, Tom Eastep wrote:
>>>>>> Your question still is as clear as mud -- but:
>>>>>>
>>>>>> - DNAT rules in /etc/shorewall/rules override entries in /etc/shorewall/nat.
>>>>>>
>>>>>> - Entries in /etc/shorewall/masq that begin with '+' override entries in
>>>>>>   /etc/shorewall/nat.
>>>>>>
>>>>>> Hope that helps.
>>>>>>
>>>>>> -Tom

On Sun, 03 May 2009 21:16:37 +0700, sangprabv wrote
> Alright, got the idea. Thanks a lot. But is it possible if I want
> public IP aa.bb.cc.1:22 port forwarded to private IP xx.yy.zz.1:22
> and public IP aa.bb.cc.1:80 port forwarded to private IP
> xx.yy.zz.2:80 while xx.yy.zz.2 also appears as aa.bb.cc.2 from the
> internet? TIA.

If I understand it correctly, you want to DNAT several public services (a.b.c.1:22,80) to private addresses (x.y.z.1:22 and x.y.z.2:80) and SNAT one of your private addresses (x.y.z.2) to a specific public address (a.b.c.2)?

Regards,
--
Urivan Flores-Saaib
saaib@ciberlinux.net
(858) 431-9734

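Added example (not part of any message in this thread, and not the Shorewall project's own configuration): one way to write the layout restated in the last message, building on Ljubomir's two nat entries and Tom's note that DNAT rules in /etc/shorewall/rules override entries in /etc/shorewall/nat. Assumptions: eth0 is the Internet-facing interface, and the thread's sample addresses stand in for public1/public2 (1.2.3.4, 1.2.3.5) and private1/private2 (11.22.33.44, 11.22.33.45).

```conf
# /etc/shorewall/nat -- one-to-one NAT, as in Ljubomir's layout.
# INTERFACE is the interface that carries the EXTERNAL address
# (assumed to be eth0, the Internet-facing side).
#EXTERNAL   INTERFACE   INTERNAL       ALL INTERFACES   LOCAL
1.2.3.4     eth0        11.22.33.44    no               no
1.2.3.5     eth0        11.22.33.45    no               no

# /etc/shorewall/rules
# ORIGINAL DEST is the seventh column; "-" fills the unused
# SOURCE PORT(S) column so the public address lands in the right place.
#ACTION   SOURCE   DEST              PROTO   DEST PORT(S)   SOURCE PORT(S)   ORIGINAL DEST

# public1:80 is diverted to private2. This DNAT rule takes precedence
# over the 1.2.3.4 entry in the nat file, for this port only.
DNAT      net      loc:11.22.33.45   tcp     80             -                1.2.3.4

# public1:22 still reaches private1 through the nat entry. One-to-one NAT
# only translates addresses, so the connection must also be allowed;
# the rule names the internal address.
ACCEPT    net      loc:11.22.33.44   tcp     22

# Connections opened by 11.22.33.45 leave as 1.2.3.5 through its nat
# entry, which is the "appears as public2" half of the request.
```

Running `shorewall check` validates the files before they are applied with `shorewall restart`.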