similar to: DNAT problem

Hi Here is a short description of my network: ppp0 (adsl) ppp1 (adsl) | | | | --------------------- | Router | | Firewall | | MASQUERAD | | DNAT | | | | eth0 | --------------------- | | | ---------------------- |

Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server''s firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current

Hi. I have a Server''s network with some servers in it, all with 192.168.1.0/25 ips. There is also a router in that network with ip 192.168.1.1. This router also connected to a client''s network 10.10.0.0/16 with ip 10.10.100.1. All services on each server are given their virtual address from one of two virtual networks 192.168.1.128/28 and 192.168.1.144/28. 192.168.1.128/28 is

We''ve just upgraded to a new firewall machine, and a new version of Shorewall. We''re now on 2.04; previous version was 1.3.9b (!). So I''m pretty sure whatever problems we''re having are related to the big version jump. We''re using config files that exactly match our old (working) configuration (IOW, these are things which _were_ working on the old

Hello, I have a Debian-Woody-3.0 Router with 3 NIC''s. Kernelversion 2.4.18 +------------+ +-------------+ | | | | |192.168.1.1 | | 192.168.2.1 | | DSL-Router | | ISDN-Router | +------------+ +-------------+ | |

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=71 ------- Additional Comments From laforge@netfilter.org 2003-03-30 21:18 ------- First of all: You didn't even specify the particular kernel version you are running, not even mentioning which versions of which patches you are using (if any). Secondly, I don't see anything strange in this setup. DNAT with FTP sessions

I would like to place an exchange 5.5 server in my DMZ. Can anyone tell me how I can set this up to allow LAN clients to be able to connect to Exchange and also so I can admin the box from the LAN with Terminal Services? Thank you.

Hello list, I am in the process of switching from IPCOP to Shorewall s the firewall for our small office. I very much like the fact that Shorewall runs on top of the same OS (openSuSE 11.4) that I run on the server and my desktop. Our setup is fairly straightforward. We have 8 static ip addresses from our ISP, which provides a cable modem and a Cisco 800 series router. The ip addresses are

https://bugzilla.netfilter.org/show_bug.cgi?id=850 Summary: DNAT applied even after deleting the IP Tables DNAT Rule Product: iptables Version: 1.4.x Platform: All OS/Version: All Status: NEW Severity: major Priority: P5 Component: iptables AssignedTo: netfilter-buglog at

I have a pretty straightforward shorewall (v 2.0.12) setup in my Phoenix office. IP addresses on the firewall eth0 172.16.10.249 eth1 12.47.198.100 eth1:1 12.47.198.108 eth1:2 12.47.198.101 eth2 172.16.11.249 interfaces: loc eth0 detect net eth1 detect blacklist dmz eth2 detect vpn1 tun1 192.168.124.255 zones net Net

Hi all, net : internet zone dmz : DMZ zone Lan : local network zone in 1.4.6c this rule : DNAT all lan:10.0.0.1 tcp http - 192.0.0.1 does generate the following iptables rules in nat table : Chain OUTPOUT DNAT tcp -- 0.0.0.0/0 192.0.0.1 tcp dpt:http to:10.0.0.1 Chain net_dnat DNAT tcp -- 0.0.0.0/0 192.0.0.1 tcp dpt:http to:10.0.0.1 Chain dmz_dnat

Hi, i''m a shorewall users and i have the following problem: I have one class C range of IP''s and i have three zones (net, dmz , loc) I need create one rule to dnat one valid ip address (but not in use in one computer) to one invalid host in my loc zone. How i do? I try this: DNAT net:200.200.200.200 dmz:200.193.137.38 tcp 137,138,139,445 -

Hi, The private adresses (192.168.254.0/255.255.255.0) of my network are sent dynamically by dhcp on my network. The dhcp server is on the firewall which address is 192.168.254.1/255.255.255.255 (this address is static). I''ve got a rsync server on this network which is on a separe server. His address is 192.168.254.200/255.255.255.255 (this address is static). I want that the users

Dear experts, Quick quotation... I have a sendmail server behind the shorewall-2.1.7 server. I would like to do Port forwarding (DNAT) for clients on the internet, who need to access the mail server. Please let me know, which way is the most suitable to accomplish this; using following 2 types of configurations Setup - Internet -- > shorewall -- > sendmail

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=471 Summary: UDP stream DNAT problem Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: NAT AssignedTo: laforge@netfilter.org ReportedBy:

Whenever I add or remove a DNAT rule such as: iptables -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.1 there is sometimes a delay before the correct nat''ing is done. Can anyone tell me why this is? Is it something to do with caching of routing tables? If so, is there a way to clear them to ensure that the rule takes effect immediately? I am building a simple

If I want to use DNAT to forward data destined for a port on the firewall to a different port on a machine behind the firewall, is this this syntax correct? DNAT net:3599 loc:192.168.0.10 tcp 22 I can find bits at each end in the docs but not both ends. TIA richard

I have been trying to get DNAT to work and I actually have succeeded too, however, not how I thought it would work when reading through the documentation. 1. No matter what I do I cannot get DNAT to work unless I have an entry in eiter the nat or the proxyarp file. Is that really how it''s supposed to be? I can''t find anything about it in the documentation. 2. Also, in the

Hi All, I use rather old Shorewall 3.2.6 and I know it''s no longer supported. I haven''t been updating the software because it works as intended until now. The problem is a simple DNAT rule. I actually have around 8 DNAT rules and they all work just fine. Here is what I want to achieve. I have a SMTP server in my LAN (lets say address 192.168.1.10). The SMTP daemon listens on

Hello, I''m trying to setup DNAT to forward to a PPTP Server behind Shorewall. I setup the PPTP rules per your documentation with tcp port 1723 and Protocol 47 DNAT to my PPTP Server in the local zone. Looking at the logs it is dropping the connection going to port 1723. It is also dropping UDP port 1701, don''t know if it is of any significance. I looked at FAQ 1a and b and the