Re: [Shorewall-users] one to one DNAT to a machine from NET running on a LOC network

2018-02-09 Thread Tom Eastep
On 02/09/2018 05:58 AM, Zenny wrote:

> 
> BTW, how can I let users from outside (net) access (e.g. ssh/http/https)
> a VM instance running in the loc zone? In /etc/shorewall/policy,
> net2loc is REJECT by default.
> 
> 

You must use DNAT rules.

-Tom
-- 
Tom Eastep\   Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
  \___



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
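To make Tom's answer concrete: a DNAT rule in /etc/shorewall/rules is evaluated before the net2loc policy, so it admits exactly the listed ports to one loc host while the REJECT policy keeps covering everything else. The fragment below is an added example, not from the thread or the Shorewall project; the VM address 192.168.1.10 and the admin network 203.0.113.0/24 are constructed placeholders, and the column layout is the one used by Shorewall 4.4 and later.

```text
# /etc/shorewall/rules  -- added example, constructed addresses
#
# http/https from anywhere on the net: the firewall rewrites the destination
# to the VM in loc; the replies are matched by connection tracking, no
# second rule is needed for them.
#ACTION   SOURCE                DEST                PROTO   DPORT
DNAT      net                   loc:192.168.1.10    tcp     80,443

# ssh: narrow SOURCE to the networks that actually administer the VM and
# throttle new connections per source address with the RATE column
# (s:rate/unit:burst), so one client cannot hammer the VM's sshd through
# the forward. 203.0.113.0/24 is a placeholder for the admin network.
#ACTION   SOURCE                DEST                PROTO   DPORT   SPORT   ORIGDEST   RATE
DNAT      net:203.0.113.0/24    loc:192.168.1.10    tcp     22      -       -          s:3/min:5
```

Run `shorewall check` before `shorewall reload` (`shorewall restart` on 4.x), then confirm the generated nat entries with `shorewall show nat`. A DNAT rule adds its own ACCEPT in the net2loc filter chain for the forwarded ports only, so the policy line stays REJECT and nothing else in loc becomes reachable.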


Re: [Shorewall-users] one to one DNAT to a machine from NET running on a LOC network

2018-02-09 Thread Zenny
On Thu, Feb 8, 2018 at 9:11 PM, Tom Eastep wrote:

> On 02/08/2018 10:52 AM, Zenny wrote:
> > On Thu, Feb 8, 2018 at 5:22 PM, Tom Eastep wrote:
> >
> > > On 02/08/2018 02:07 AM, Zenny wrote:
> > > > Hi,
> > > >
> > > > I am trying to figure out how to establish one-to-one NAT to a single
> > > > development VM instance running in the LOC network, so that it appears
> > > > as if it is in the DMZ network.
> > > >
> > > > Appreciate your inputs. Thanks.
> > > >
> > >
> > > I don't understand completely what you are trying to accomplish. Is it
> > > that you have a three-interface configuration (net, loc and dmz), and you
> > > want to have a host in the local network respond to an address that
> > > would normally fall in the DMZ?
> >
> > Yep, rightly guessed.
> >
> > > If so, are the DMZ addresses public or
> > > private?
> >
> > I have just one public IP, and all the other networks (loc and dmz) are
> > running on private networks, which Shorewall handles for DNAT and SNAT.
> >
> > > Do you want hosts in the loc zone to be able to use the DMZ
> > > address to access this particular system?
> >
> > Exactly!
> >
>
> That is basically Shorewall FAQ 2 (http://www.shorewall.net/FAQ.htm#faq2).
>

Thanks.

BTW, how can I let users from outside (net) access (e.g. ssh/http/https)
a VM instance running in the loc zone? In /etc/shorewall/policy,
net2loc is REJECT by default.

>
> -Tom


-- 
Cheers,
/z



Re: [Shorewall-users] one to one DNAT to a machine from NET running on a LOC network

2018-02-08 Thread Tom Eastep
On 02/08/2018 10:52 AM, Zenny wrote:
> On Thu, Feb 8, 2018 at 5:22 PM, Tom Eastep wrote:
>
> > On 02/08/2018 02:07 AM, Zenny wrote:
> > > Hi,
> > >
> > > I am trying to figure out how to establish one-to-one NAT to a single
> > > development VM instance running in the LOC network, so that it appears
> > > as if it is in the DMZ network.
> > >
> > > Appreciate your inputs. Thanks.
> > >
> >
> > I don't understand completely what you are trying to accomplish. Is it
> > that you have a three-interface configuration (net, loc and dmz), and you
> > want to have a host in the local network respond to an address that
> > would normally fall in the DMZ?
>
> Yep, rightly guessed.
>
> > If so, are the DMZ addresses public or
> > private?
>
> I have just one public IP, and all the other networks (loc and dmz) are
> running on private networks, which Shorewall handles for DNAT and SNAT.
>
> > Do you want hosts in the loc zone to be able to use the DMZ
> > address to access this particular system?
>
> Exactly!
>

That is basically Shorewall FAQ 2 (http://www.shorewall.net/FAQ.htm#faq2).

-Tom
-- 
Tom Eastep\   Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
  \___



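FAQ 2 covers the hairpin case Zenny describes: hosts in loc connecting to the "DMZ" address of a machine that is really in loc. The fragment below is an added example of that pattern, not from the thread or the Shorewall documentation. It assumes Shorewall 5 file names (snat rather than masq), eth1 as the loc interface, and constructed addresses: 10.0.0.20 for the dmz-range address the VM should answer on, 192.168.1.10 for the VM, 192.168.1.1 for the firewall's loc address and 192.168.1.0/24 for the loc subnet.

```text
# /etc/shorewall/rules  -- added example, constructed addresses
# Clients in loc address the VM as 10.0.0.20. That address is not on the loc
# subnet, so the clients hand the packet to their gateway (the firewall),
# where ORIGDEST matches it and the destination is rewritten to the VM's
# real loc address. Nothing here touches the net zone.
#ACTION   SOURCE   DEST               PROTO   DPORT    SPORT   ORIGDEST
DNAT      loc      loc:192.168.1.10   tcp     80,443   -       10.0.0.20

# /etc/shorewall/snat  -- Shorewall 5 (the masq file plays this role on 4.x)
# Client and VM share a subnet. Without this entry the VM would answer the
# client directly, with its real address as source; the client, expecting a
# reply from 10.0.0.20, would discard it. Rewriting the source to the
# firewall's loc address forces the reply back through the firewall, which
# reverses the DNAT. The DEST column limits the SNAT to traffic bound for
# the VM, so all other loc-to-loc traffic keeps its real source addresses.
#ACTION              SOURCE            DEST
SNAT(192.168.1.1)    192.168.1.0/24    eth1:192.168.1.10
```

The price of the hairpin is attribution: the VM's own logs record 192.168.1.1 for every client that arrived this way, so client identity has to come from the firewall's connection logs. If that matters, the simpler alternative is split DNS, where internal resolvers hand loc clients the VM's real address and no DNAT/SNAT pair is needed at all.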


Re: [Shorewall-users] one to one DNAT to a machine from NET running on a LOC network

2018-02-08 Thread Zenny
On Thu, Feb 8, 2018 at 5:22 PM, Tom Eastep wrote:

> On 02/08/2018 02:07 AM, Zenny wrote:
> > Hi,
> >
> > I am trying to figure out how to establish one-to-one NAT to a single
> > development VM instance running in the LOC network, so that it appears
> > as if it is in the DMZ network.
> >
> > Appreciate your inputs. Thanks.
> >
>
> I don't understand completely what you are trying to accomplish. Is it
> that you have a three-interface configuration (net, loc and dmz), and you
> want to have a host in the local network respond to an address that
> would normally fall in the DMZ?


Yep, rightly guessed.


> If so, are the DMZ addresses public or
> private?


I have just one public IP, and all the other networks (loc and dmz) are
running on private networks, which Shorewall handles for DNAT and SNAT.


> Do you want hosts in the loc zone to be able to use the DMZ
> address to access this particular system?
>

Exactly!


>
> -Tom


-- 
Cheers,
/z



Re: [Shorewall-users] one to one DNAT to a machine from NET running on a LOC network

2018-02-08 Thread Tom Eastep
On 02/08/2018 02:07 AM, Zenny wrote:
> Hi,
> 
> I am trying to figure out how to establish one-to-one NAT to a single
> development VM instance running in the LOC network, so that it appears
> as if it is in the DMZ network.
> 
> Appreciate your inputs. Thanks. 
> 

I don't understand completely what you are trying to accomplish. Is it
that you have a three-interface configuration (net, loc and dmz), and you
want to have a host in the local network respond to an address that
would normally fall in the DMZ? If so, are the DMZ addresses public or
private? Do you want hosts in the loc zone to be able to use the DMZ
address to access this particular system?

-Tom
-- 
Tom Eastep\   Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
  \___


