Dear All,
I have been using shorewall for quite sometime and its a excellent product
and been working fine
I do have a issue which im confused with
i have the following configuration.
internal network having difeerent networks
172.16.2.0/24
10.1.1.0/24
10.2.1.0/24
10.1.2.0/24
internal network ip address
eth1==>10.102.0.1/255.255.255.224
external network ip address
eth0 ==> 10.102.0.12/255.255.255.248
default gateway ==> 10.102.0.9
right now we access from our internal network other corpotare networks
servers having ips of 10.114.101.101 and 10.6.1.3 etc. etc.
now to access these server I have the following masq in the /etc/shorwall
directory
eth0 172.16.2.0/24,\
10.1.1.0/24,\
10.1.2.0/24,\
10.2.1.0/24
and everything is working fine.
now there is a need for the corporate networks users to access 2 of our
servers which have a ip address of 172.16.2.200 and 172.16.2.210
just confused how i gonna give users on the orporate networks access to
web sites on these servers
really apprecite your help.
if you need more information i would be really glad to provide you
regards
simon
--
Network ADMIN
-------------
KUWAIT MUNICIPALITY:
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------------------------------------------------------------
The Next 800 Companies to Lead America''s Growth: New Video Whitepaper
David G. Thomson, author of the best-selling book "Blueprint to a
Billion" shares his insights and actions to help propel your
business during the next growth cycle. Listen Now!
http://p.sf.net/sfu/SAP-dev2dev
On 11/7/10 11:25 AM, Benedict simon wrote:> > Dear All, > > I have been using shorewall for quite sometime and its a excellent product > and been working fine > I do have a issue which im confused with > > i have the following configuration. > > internal network having difeerent networks > > 172.16.2.0/24 > 10.1.1.0/24 > 10.2.1.0/24 > 10.1.2.0/24 > > internal network ip address > eth1==>10.102.0.1/255.255.255.224 > > external network ip address > eth0 ==> 10.102.0.12/255.255.255.248 > default gateway ==> 10.102.0.9 > > right now we access from our internal network other corpotare networks > servers having ips of 10.114.101.101 and 10.6.1.3 etc. etc. > now to access these server I have the following masq in the /etc/shorwall > directory > > eth0 172.16.2.0/24,\ > 10.1.1.0/24,\ > 10.1.2.0/24,\ > 10.2.1.0/24 > > and everything is working fine. > > now there is a need for the corporate networks users to access 2 of our > servers which have a ip address of 172.16.2.200 and 172.16.2.210 > > just confused how i gonna give users on the orporate networks access to > web sites on these serversJust add a couple of DNAT rules. You will either need to: a) Use separate port numbers for the two sites; or b) Configure eth0 with a second IP address from the 10.102.0.0/29 subnet and one address for each server. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The Next 800 Companies to Lead America''s Growth: New Video Whitepaper David G. Thomson, author of the best-selling book "Blueprint to a Billion" shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev
Dear Tom, Thanks you so much for your quick reply really apprecite will try to do the dnat and inform you regards simon Tha> On 11/7/10 11:25 AM, Benedict simon wrote: >> >> Dear All, >> >> I have been using shorewall for quite sometime and its a excellent >> product >> and been working fine >> I do have a issue which im confused with >> >> i have the following configuration. >> >> internal network having difeerent networks >> >> 172.16.2.0/24 >> 10.1.1.0/24 >> 10.2.1.0/24 >> 10.1.2.0/24 >> >> internal network ip address >> eth1==>10.102.0.1/255.255.255.224 >> >> external network ip address >> eth0 ==> 10.102.0.12/255.255.255.248 >> default gateway ==> 10.102.0.9 >> >> right now we access from our internal network other corpotare networks >> servers having ips of 10.114.101.101 and 10.6.1.3 etc. etc. >> now to access these server I have the following masq in the >> /etc/shorwall >> directory >> >> eth0 172.16.2.0/24,\ >> 10.1.1.0/24,\ >> 10.1.2.0/24,\ >> 10.2.1.0/24 >> >> and everything is working fine. >> >> now there is a need for the corporate networks users to access 2 of our >> servers which have a ip address of 172.16.2.200 and 172.16.2.210 >> >> just confused how i gonna give users on the orporate networks access to >> web sites on these servers > > Just add a couple of DNAT rules. You will either need to: > > a) Use separate port numbers for the two sites; or > b) Configure eth0 with a second IP address from the 10.102.0.0/29 subnet > and one address for each server. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > ------------------------------------------------------------------------------ > The Next 800 Companies to Lead America''s Growth: New Video Whitepaper > David G. Thomson, author of the best-selling book "Blueprint to a > Billion" shares his insights and actions to help propel your > business during the next growth cycle. Listen Now! > http://p.sf.net/sfu/SAP-dev2dev_______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >-- Network ADMIN ------------- KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------------------------ The Next 800 Companies to Lead America''s Growth: New Video Whitepaper David G. Thomson, author of the best-selling book "Blueprint to a Billion" shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev