Hi all,
I'm running shorewall-3.0.5 and am having an issue with DNAT.
The shorewall machine has 3 interfaces, one for Internet, one for the
LAN and one for public DMZ.
- LAN to Internet is masqueraded
- DMZ and Internet interfaces are bridged
We are running an http server on a machine from our DMZ.
There is also an http server on our LAN, thus I forwarded a port from
our firewall to port 80 of the LAN machine.
THE ISSUE is that when I enable the forward rule, all packets arriving on
port 80 of the firewall are forwarded to the LAN even though the dest
IP is one of the DMZ public.
The rule is:
    DNAT net loc:lan_machine_ip:80 tcp 80
The resulting iptables part is:
    DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:lan_machine_ip:80
The problem is that we should be able to specify a destination IP (where
I could put the firewall IP) and I didn't see a way of doing that in
Shorewall.
Is that a known limitation?
------------------
Bruno LEON
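
Added example, not part of the original post and not Shorewall's own code: a small Python audit that reads a NAT table listing in the format quoted above and reports DNAT rules whose destination match is 0.0.0.0/0, the condition that sends DMZ-bound port 80 traffic to the LAN host. The first sample line is the one from the post; the second line and the address 192.0.2.10 are constructed placeholders.

```python
import ipaddress

# Line 1 of the rules is quoted from the post; line 2 is constructed for contrast.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT)
 pkts bytes target prot opt in out source destination
    0     0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:lan_machine_ip:80
    0     0 DNAT tcp -- * * 0.0.0.0/0 192.0.2.10 tcp dpt:25 to:lan_machine_ip:25
"""

def _is_net(tok):
    """True if tok is an address or CIDR (a leading '!' negation is ignored)."""
    try:
        ipaddress.ip_network(tok.lstrip("!"), strict=False)
        return True
    except ValueError:
        return False

def parse_dnat(line):
    """Parse one DNAT line of 'iptables -t nat -L -n' output, with or without -v."""
    f = line.split()
    if "DNAT" not in f:
        return None
    i = f.index("DNAT")
    rest = f[i + 3:]                      # skip target, prot, opt
    if len(rest) >= 2 and not _is_net(rest[0]):
        rest = rest[2:]                   # -v listing: skip in/out interface columns
    if len(rest) < 2 or not _is_net(rest[1]):
        return None
    extra = rest[2:]
    dport = next((t.split(":", 1)[1] for t in extra
                  if t.startswith(("dpt:", "dpts:"))), None)
    to = next((t[3:] for t in extra if t.startswith("to:")), None)
    return {"proto": f[i + 1], "source": rest[0], "destination": rest[1],
            "dport": dport, "to": to}

def unscoped_dnat(listing):
    """Return DNAT rules that match every destination address."""
    hits = []
    for line in listing.splitlines():
        r = parse_dnat(line)
        if r is None or r["destination"].startswith("!"):
            continue                      # a negated match is already a restriction
        if ipaddress.ip_network(r["destination"], strict=False).prefixlen == 0:
            hits.append(r)
    return hits

if __name__ == "__main__":
    for r in unscoped_dnat(SAMPLE):
        print(f"unscoped DNAT: {r['proto']}/{r['dport']} -> {r['to']}")
```

In Shorewall the destination match comes from the ORIGINAL DEST column of the rules file; a rule that fills it in produces a listing line like the second sample and is not reported.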