similar to: clarification: Port Forward

I am attempting to forward http requests to my external interface, from internal machines to a machine that is located on the internal interface, via the firewall rules. Externally, I am able to forward the port to the webserver located behind the firewall, and I want to use the same hostname/ip for clients if they are on both sides of the firewall. Note, that I only want to do just the one port,

# shorewall version 3.2.1 SNAT is enabled. Setting up DNAT to do port forwarding -- this example looked exactly like what I wanted: (FAQ 1c) From the internet, I want to connect to port 1022 on my firewall and have the firewall forward the connection to port 22 on local system 192.168.1.3. How do I do that? In /etc/shorewall/rules: #ACTION SOURCE DEST PROTO DEST PORT

I read faq(1c) which can forward one port to another port like #ACTION SOURCE DEST PROTO DEST PORT DNAT net loc:192.168.1.3:22 tcp 1022 how about if I want to forward a range of port to a mchine ? my scenairo is there is a ftp server behind firewall and I use publish 8021 to public but the ftp is actually running port 21, so I added this rule DNAT

Hello, I''ve checked the FAQ, and it tells that there is a GUI interface , does that applis to version 1.4 as well as version 2.0 Sorry if it is a silly question, but just wanted to be sure Kind Regards Samer _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it''s FREE!

Hi, At the moment I am controlling my LAN client access to the Inet by their MAC address. Currently I am putting their MAC address in the rules file - now the number of the PC that I want to manage is getting more and more and it is not practicle to do this way anymore. My question is, how can I have their MAC address in other separate file? Regards http://www.debian.org/consultants/#Malaysia

The 3.1 Beta is now available -- check the Shorewall home page. -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

I''m seeing what may be sort of strange behavior - My machine is behind a Shorewall firewall, which, in the rules section, includes: AllowBitTorrent, any source, any dest I''m wondering - how is my machine behind the firewall able to upload, since no port forwarding related to bittorrent is taking place? (Just to clarify - it IS uploading) I looked at the AllowBitTorrent

Hi All I have had a look through the documentation but I can''t see how to do this. I want to setup DNAT for an incoming connection. The connection must be forwarded to a server on a masqueraded server behind the firewall. The tricky part is I need to forward to a different port to the one that the request arrived on. I can do this: firewall.public.ip:5800 ->

Hola and thanks for any help in advance I installed mandrake 9 a few days ago and wanted to set up some additional rules to shorewall, bu i failed :) What i want to do is basicly route any incomming udp and tcp packets on port 4665 to a workstation behind the router. router with mandrake 9, eth0 (192.168.0.1) internal net, eth1(10.0.0.0) connected to dsl modem and gets a dynamic ip

I give up and need help! I won''t add to the confusion by showing all the combinations I have tried unsuccessfully... and yes, I''ve read FAQ2 and FAQ2a many times! When googling the subject of this post there are many answers that boil down to using the same three iptables rules, two of which use nat. I won''t repeat them here. I don''t want to risk mixing

Hi all, I have a VPN setup but it only works once in a while. It seems my firewall (shorewall 3.0.8) is blocking protocol 47. Here is what I have: eth0: internet eth2: dmz - my pptp server My entry In the rules file: pptp/ACCEPT fw dmz:192.168.253.2 My pptp macro ############################################################################### #ACTION SOURCE

Hi, I''m trying to get RAdmin [uses tcp 4889] access to my Windows machine which is behind my firewall. I have zones: gbl : the world loc : my lan fw : firewall I placed the following in my rules file DNAT gbl loc:192.168.0.2 tcp 4889 - When trying to RAdmin I get a cannot conect to server error. 192.168.0.2 is my Windows Machines IP address. Can anyone help me? Shorewall 1.3.9b

I want smtp requests from the internet to address 202.1.2.3 are to be forwarded to 192.168.1.109, so I set ORIGINAL DEST is 202.1.2.3 but when I restart it show error: iptables v1.2.11: invalid TCP port/service `210.0.214.212'' specified Try `iptables -h'' or ''iptables --help'' for more information. ERROR: Command "/sbin/iptables -A net2loc -p tcp

Hi, im running shorewall 2.0.16 with centos 3 (iptables v1.2.8), everything is working fine for several days, i have configured a masq lan and all the outgoing traffic is ok, but now i want to redirect (port forward) the external web traffic to an internal machine, somethig like this INTERNET ---------> SHOREWALL -------------------> INTERNAL_MACHINE [public

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The original post was over 300,000kb so I didn''t spam the list with it -TE. | | | Thank you for your quick and helpful response. | | I didn''t understand that the virtual interface eth0:1 doesn''t count as a separate instance from eth0. | I am sorry to ask for further assistance and would appreciate any help. The error

What changes would I need to make if there is a 4th interface that is going to a DMZ Thanks Gene

Greetings all, I''m a bit of a linux rookie, but a friend and I have built a firewall running Shorewall 1.4.6c over a minimal install of Redhat 9. Out network setup looks something like this: Cable Modem : eth0 :12.xxx.xxx.3 (Zone is named INSIGHT) Campus Lan : eth1 : 10.176.9.21 (Zone is named MULAN) DMZ : eth2 : 192.168.1.0 255.255.255.0 (Zone is named DMZ) Currently, I

I have a lan with shorewall running as firewall and two local machines, where 10.1.1.2 and 10.1.1.15 are two internal mail servers and where 124.124.124.124 and 123.123.123.123 are the external IPs for the mail servers. The two mail servers need to communicate with each other via smtp (for sending mail from domains hosted on one to the other) but its giving issues. Specificaly when one server

interfaces: local eth0 192.168.1.255 dhcp golive eth1 172.30.15.255 wiredc eth2 202.37.230.127 dhcp wave eth3 203.96.213.255 hosts: ipsec eth2:192.168.192.0/24 rules: DNAT wiredc local:192.168.1.3 tcp 80 - DNAT wave local:192.168.1.3 tcp 80 - 203.96.213.73 The rules here

hi all, my linux internet gateway has one fixed public ip and there are several servers on the local net. how to config shorewall such that it can forward a port on the external int. to another port on to a server in local net. Simply speaking, external port http 8000 forward to internal port http 80 I used the DNAT to specify the source port as 8000 and dest port to 80 but it