Hi,

My scenario:

eth0: 200.x.x.x (Public internet)
eth1: 192.168.0.1 (LAN)

I have a static route to network 192.168.1.0/24 with 192.168.0.254 gw
router, and everything.

In the remote network 192.168.1.x, I have a server (192.168.1.10).

How can I map a port in public address (i.e. 8888) to this server ?

If I put a DNAT in rules, the packet (apparently) hit the server, but
they don't return (perhaps because the source address is the public
address). I think that I need to rewrite the source address to
192.168.0.1 before sending this packet. Netmap can be the solution or we
have an easy approach ?

Thanks !

On 06/14/2012 01:21 PM, alexandre - aldeia digital wrote:
> Hi,
>
> My scenario:
>
> eth0: 200.x.x.x (Public internet)
> eth1: 192.168.0.1 (LAN)
>
> I have a static route to network 192.168.1.0/24 with 192.168.0.254 gw
> router, and everything.
>
> In the remote network 192.168.1.x, I have a server (192.168.1.10).
>
> How can I map a port in public address (i.e. 8888) to this server ?
>
> If I put a DNAT in rules, the packet (apparently) hit the server, but
> they don't return (perhaps because the source address is the public
> address). I think that I need to rewrite the source address to
> 192.168.0.1 before sending this packet. Netmap can be the solution or we
> have an easy approach ?

Shorewall FAQ2 -- and note also FAQ 2c.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On 06/14/2012 02:36 PM, Tom Eastep wrote:
> On 06/14/2012 01:21 PM, alexandre - aldeia digital wrote:
>> Hi,
>>
>> My scenario:
>>
>> eth0: 200.x.x.x (Public internet)
>> eth1: 192.168.0.1 (LAN)
>>
>> I have a static route to network 192.168.1.0/24 with 192.168.0.254 gw
>> router, and everything.
>>
>> In the remote network 192.168.1.x, I have a server (192.168.1.10).
>>
>> How can I map a port in public address (i.e. 8888) to this server ?
>>
>> If I put a DNAT in rules, the packet (apparently) hit the server, but
>> they don't return (perhaps because the source address is the public
>> address). I think that I need to rewrite the source address to
>> 192.168.0.1 before sending this packet. Netmap can be the solution or we
>> have an easy approach ?
>
> Shorewall FAQ2 -- and note also FAQ 2c.

Also, FAQ 1g.

-Tom

On 16-06-2012 13:16, Tom Eastep wrote:
> On 06/14/2012 02:36 PM, Tom Eastep wrote:
>> On 06/14/2012 01:21 PM, alexandre - aldeia digital wrote:
>>> Hi,
>>>
>>> My scenario:
>>>
>>> eth0: 200.x.x.x (Public internet)
>>> eth1: 192.168.0.1 (LAN)
>>>
>>> I have a static route to network 192.168.1.0/24 with 192.168.0.254 gw
>>> router, and everything.
>>>
>>> In the remote network 192.168.1.x, I have a server (192.168.1.10).
>>>
>>> How can I map a port in public address (i.e. 8888) to this server ?
>>>
>>> If I put a DNAT in rules, the packet (apparently) hit the server, but
>>> they don't return (perhaps because the source address is the public
>>> address). I think that I need to rewrite the source address to
>>> 192.168.0.1 before sending this packet. Netmap can be the solution or we
>>> have an easy approach ?
>> Shorewall FAQ2 -- and note also FAQ 2c.
> Also, FAQ 1g.
>
> -Tom

Exactly what I need ! :)

Thanks Tom and congratulations for this awesome tool.

Best regards,

Alexandre
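
The DNAT-plus-source-rewrite arrangement discussed in this thread, written out as Shorewall configuration. This is an added example, not text from any message in the thread or from the Shorewall documentation; the zone names "net" and "loc" and the server-side port 8888 are assumptions.

```conf
# Constructed Shorewall configuration for the scenario in this thread.
# Assumptions: zones are named "net" (eth0) and "loc" (eth1), and the
# server listens on TCP 8888, the same port that is exposed publicly.

# /etc/shorewall/rules
# Forward TCP 8888 arriving from the Internet to the remote server.
#ACTION   SOURCE   DEST                     PROTO   PORT
DNAT      net      loc:192.168.1.10:8888    tcp     8888

# /etc/shorewall/masq
# Rewrite the source address of the forwarded connections to the
# firewall's LAN address, so that the server's replies are sent back
# to 192.168.0.1 instead of directly towards the Internet client.
# Restricting the entry to one destination host, protocol and port
# leaves all other traffic to 192.168.1.10 without source NAT.
#INTERFACE            SOURCE       ADDRESS        PROTO   PORT(S)
eth1:192.168.1.10     0.0.0.0/0    192.168.0.1    tcp     8888
```

With the source rewritten, the server's own logs show 192.168.0.1 as the client of every forwarded connection, so the original client addresses have to be taken from the firewall's logs.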