From: Tom Eastep Sent: March 17, 2005 14:38 > > Hugh E Cruickshank wrote: > > > I had read that document but had the impression that that would > only work > > for SNAT or One-To-One NAT (I know I could be wrong). What I am > > looking at doing is taking a limited number of external IP addresses > > (5) and routing them via DNAT to 10-15 different internal systems > > depending on the protocol (i.e. HTTPS, SSH, VNC, PCAnywhere, ICA, > > etc.). The only example I saw for DNAT indicated that the alias was > > setup external to Shorewall so I made the assumption that I would > > have to do the same. > > You are correct -- see my post from earlier today in the thread "Vitual > (sic) or alias interfaces". >
Thanks, I did catch your posting to that thread. Between your info and that from Arne, I *believe* I have that part working now. I have not tested it yet, I need to free up some hardware to try and setup a testing environment that will mimic both the internal and external networks (2 physically separate networks). I am now slogging my way through the old ipchains script so I can define the new (mostly) DNAT entries, a rather slow process. Thanks for all you help. Regards, Hugh -- Hugh E Cruickshank, Forward Software, www.forward-software.com ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click ------------------------------------------------------------------------ leaf-user mailing list: [email protected] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
