similar to: Port forwarding to different Port?

Hi folks, Has anyone out there done port forwarding or DNAT for UDP packets that are normally sent to the broadcast address (255.255.255.255)? I have to support a nasty database application called FileMaker Pro (those of you who know it are probably groaning about now), which uses broadcasts to locate the database server. Theoretically, i can get around this requirement by using LDAP lookups

Hello, I installed my linux server for 3 months now. It does almost everything (dns, web & mail server, firewall ...). I just encounterd two problems with the firewall: behind this server there are 2 computers: i got emule on one and msn on the other. The problem is that I can''t configure well the firewall fore these 2 rules. I''ve added DNAT rules but it

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH

I have two external interfaces in a Multi-ISP config. I allow access to port 81 for a webcam, but I only want that to work for one of the interfaces, and I want to limit the connections to it by maximum time for one user, or failing that, maximum connections, as people just leave it running on their desk all day (it''s a Caribbean beach so people sit and dream). ow do I do that as

Greetings all, I''m a bit of a linux rookie, but a friend and I have built a firewall running Shorewall 1.4.6c over a minimal install of Redhat 9. Out network setup looks something like this: Cable Modem : eth0 :12.xxx.xxx.3 (Zone is named INSIGHT) Campus Lan : eth1 : 10.176.9.21 (Zone is named MULAN) DMZ : eth2 : 192.168.1.0 255.255.255.0 (Zone is named DMZ) Currently, I

Hi, I have 2 internet nic''s with differents ISPs. eth0 = isp1 eth3 = isp2 My internal network is eth1 # /etc/interfaces net eth0 detect routefilter,norfc1918,blacklist net eth3 detect routefilter,norfc1918,blacklist loc eth1 detect # /etc/policy loc net ACCEPT net net DROP

How do I configure my DHCP client to restart Shorewall when it obtains a new IP address? Blake

----- Original Message ----- From: "Jerry Vonau" <jvonau@shaw.ca> To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net> Sent: Thursday, August 19, 2004 08:06 Subject: Re: [Shorewall-users] Two Links and DNAT > > > > Btw, by "shorewall show nat" I just noticed that I was doing snat only > > for packets comming

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=71 ------- Additional Comments From laforge@netfilter.org 2003-03-30 21:18 ------- First of all: You didn't even specify the particular kernel version you are running, not even mentioning which versions of which patches you are using (if any). Secondly, I don't see anything strange in this setup. DNAT with FTP sessions

I''m having another little problem with my new firewall. I want outgoing port 25 from my mail server to appear on the address 65.223.121.227 so I created the file masq: eth2 192.168.124.18 65.223.121.227 tcp 25 eth1 eth5 eth1 eth3 eth1 eth4 eth1 == net0 == 209.189.103.196/27 eth2 == net1 == 65.223.121.237/28 eth3 == dmz0 eth4 == dmz1 eth5 == loc ==

Hi. I have strange troubles with DNATing UDP packets. The situation: 1. We have local network 10.10.0.0/16 2. We have a "server network" 192.168.1.0/25 connected with local network by a router 10.10.100.1 (other ip 192.168.1.1). 3. Web server is located at 192.168.1.2 4. There are HW pingers in the net 10.10.0.0/16 whose do ping 10.10.100.1 every second. The ping is the UDP packet

Hello Shorewall list, I''m a happy Shorewall user since a few years now and everything works fine for me except one thing that I try to implement since a week, the multi-isp. I''ve downloaded the 2.4.0 Stable release yesterday and tried the RC2 since a week. My config is a Debian running a kernel 2.4.27 home made with the CONNMARK.diff patch applied I''m using 2 ISP,

Hi. I have a Server''s network with some servers in it, all with 192.168.1.0/25 ips. There is also a router in that network with ip 192.168.1.1. This router also connected to a client''s network 10.10.0.0/16 with ip 10.10.100.1. All services on each server are given their virtual address from one of two virtual networks 192.168.1.128/28 and 192.168.1.144/28. 192.168.1.128/28 is

Hi, im running shorewall 2.0.16 with centos 3 (iptables v1.2.8), everything is working fine for several days, i have configured a masq lan and all the outgoing traffic is ok, but now i want to redirect (port forward) the external web traffic to an internal machine, somethig like this INTERNET ---------> SHOREWALL -------------------> INTERNAL_MACHINE [public

Hi There, Due to shortage computer, I need to install Apache to my Shorewall box (192.168.1.1) But the real web server is on another box (192.168.1.2) I tried to put rule: DNAT net loc:192.168.168.1 tcp 80 But everytime www connection coming in, it will hit my shorewall Any solution? Cheer Access Yahoo!7 Mail on your mobile. Anytime. Anywhere. Show me how:

Hello, I tried to find the answer to my problem already but it is a specialised one I think because nothing was found. I previously have a ISP who was very fast ("extreme speed" service from Cable Modem) but that blocked SMTP port and some other for poor non-commercial users... And it gives dynamic addresses so no DNS at home without tricks... So I went to another

Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server''s firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current

Hi, I have an DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail server runnig @ 192.168.100.3 Now I want to DNAT port 25 of FISRT firewall ( i.e - its ip address - 1.2.3.4/29) to the internet ip

IMHO, i believe that it would be more realistic to have one router providing load balancing/dead gateway to one/several subnet(s). otherwise, each server/user would have to do their own load balancing for each subnet! that, or you would need 3 routers, one for each subnet and a linux router doing the load balancing in the middle. with 3 routers, the load balancing configurations

Hey all, I''m trying to setup roadwarrior connection to my internal network. So I''ve setup openvpn to create a tap0 connection and also have bridged the eth1 (leads to my internal computers 192.168.2.10-30 and tap0 which is the VPN connection. On my shorewall setup I have br0 maped to zone loc and eth0 to be my internet and I have masqing on my br0 to get my internal computers