Tom Eastep wrote:
> mess-mate wrote:
>> Hi,
>>
>> can anybody help me translate this iptables rule to a shorewall rule:
>>
>> iptables -t nat -A POSTROUTING -s GUEST_IP -j SNAT --to-source HOST_IP
>>
>> Host ip = xx.xx.xx.xx, guest ip subnet is yy.yy.yy.yy/255.255.255.0
>
> What problem are you trying to solve? I would be surprised if you
> don't already have an entry in /etc/shorewall/masq that does what you
> want.
>
> -Tom
>

Thanks for the reply.
I'm very new to shorewall and, say, to iptables too :(

What I try to solve is this:
I've a server to act as a webserver, and for security I want to isolate the webserver part from the rest of the machine.
So I installed in the DMZ machine (as host) a linux-vserver, the guest, but you already know that.
So the guest and the host have to deal with (use) the same interface: eth1.
I solved the routing problem on the router (it is also a firewall (shorewall) and proxy (squid)). (Maybe you remember my previous posts about that :) Now it works great.)

The host also has a shorewall firewall, and when I ping from the router to the guest, shorewall (on the host) rejects it and of course does not route it to the guest, and I can't find why and what to do to resolve it.
The "SRC=192.168.20.254" part is from the host (ip 192.168.20.1) and the "DST=192.168.30.1" part is the ip of the guest.
I can ping from the host and the guest to the router but I cannot reach the net from the guest.

Here is the 'ip route ls' from the host:

192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.1
192.168.30.0/24 dev eth1 proto kernel scope link src 192.168.30.1
default via 192.168.20.254 dev eth1

and from the guest:

192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.1
192.168.30.0/24 dev eth1 proto kernel scope link src 192.168.30.1
default via 192.168.20.254 dev eth1

Best regards
mess-mate

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
