Hi. I'm setting up a web farm test lab. I have a number of machines in the test lab on a dmz zone on network 10.20.30.0.

The test lab firewall has two NICs. One (eth0) has two IP addresses, eth0 10.161.101.40 and eth0:0 10.161.10.49. The other one, eth1, is on a private network, 10.20.30.0. I want to use DNAT to allow test engineers to ssh into the machines in the web farm. I have included the following rules. Pound is running and listening on ports 80 and 443 of the firewall.

    #SECTION NEW
    ACCEPT       net  $FW                 tcp  22
    Ping/ACCEPT  net  $FW:10.161.101.40
    Ping/ACCEPT  net  $FW:10.161.101.49
    ACCEPT       net  $FW:10.161.101.40   tcp  80
    ACCEPT       net  $FW:10.161.101.40   tcp  443
    ACCEPT       net  $FW:10.161.101.49   tcp  80
    ACCEPT       dmz  $FW                 tcp  8970
    ACCEPT       dmz  $FW                 tcp  8971
    ACCEPT       $FW  dmz
    DNAT         net  dmz:10.20.30.21:22  tcp  22
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

My problem is with the DNAT entry. If I enable it, when someone uses ssh to log into the firewall (the first rule), somehow the request is forwarded to the dmz:10.20.30.21 machine. If I comment out the DNAT rule, logging into the firewall using ssh works.

Any help would be appreciated.

Rob Hicks

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
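Editor's note on the behaviour described above. A Shorewall DNAT rule is compiled into the nat table's PREROUTING chain, which iptables consults before any filter-table ACCEPT rule, so rule order in the rules file cannot protect the "ACCEPT net $FW tcp 22" entry. With no ORIGINAL DEST column (the seventh column, after SOURCE PORT(S)), the DNAT rule matches every tcp/22 packet arriving from net, whichever of the firewall's own addresses it was sent to, and rewrites it to 10.20.30.21 before the filter rules ever see it. Restricting the rule to one of the firewall's addresses in ORIGINAL DEST, e.g. the eth0:0 address 10.161.101.49 as written in the posted rules, leaves ssh to 10.161.101.40 on the firewall. The script below is an added example, not part of the original post or of Shorewall itself: it parses a constructed copy of the posted rules, flags a DNAT rule that shadows an ACCEPT-to-$FW rule on the same zone, protocol and port, and renders the restricted replacement. The column names and the "-" wildcard follow the Shorewall rules file layout; the choice of 10.161.101.49 as the DNAT address is an assumption about which address the test engineers should use for the DMZ host.

```python
"""Check a Shorewall rules file for DNAT rules that capture traffic meant
for the firewall itself (added example, not Shorewall's own code)."""
from dataclasses import dataclass
from typing import List, Tuple

# Columns of /etc/shorewall/rules that this example models:
# ACTION  SOURCE  DEST  PROTO  DEST PORT(S)  SOURCE PORT(S)  ORIGINAL DEST
COLUMNS = ("action", "source", "dest", "proto", "dport", "sport", "original_dest")

# Constructed copy of the rules from the post, used as sample input.
POSTED_RULES = """\
#SECTION NEW
ACCEPT       net  $FW                 tcp  22
Ping/ACCEPT  net  $FW:10.161.101.40
Ping/ACCEPT  net  $FW:10.161.101.49
ACCEPT       net  $FW:10.161.101.40   tcp  80
ACCEPT       net  $FW:10.161.101.40   tcp  443
ACCEPT       net  $FW:10.161.101.49   tcp  80
ACCEPT       dmz  $FW                 tcp  8970
ACCEPT       dmz  $FW                 tcp  8971
ACCEPT       $FW  dmz
DNAT         net  dmz:10.20.30.21:22  tcp  22
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
"""


@dataclass
class Rule:
    action: str
    source: str
    dest: str
    proto: str = "-"          # "-" is Shorewall's "any" for optional columns
    dport: str = "-"
    sport: str = "-"
    original_dest: str = "-"

    def same_service(self, other: "Rule") -> bool:
        return self.proto == other.proto and self.dport == other.dport

    def render(self) -> str:
        """Render as a rules-file line, dropping trailing wildcard columns."""
        cols = [self.action, self.source, self.dest, self.proto,
                self.dport, self.sport, self.original_dest]
        while len(cols) > 3 and cols[-1] == "-":
            cols.pop()
        return " ".join(cols)


def parse_rules(text: str) -> List[Rule]:
    """Parse whitespace-separated rules; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"rule needs at least ACTION SOURCE DEST: {line!r}")
        rules.append(Rule(**dict(zip(COLUMNS, fields))))  # missing columns stay "-"
    return rules


def shadowed_by_dnat(rules: List[Rule]) -> List[Tuple[Rule, Rule]]:
    """Return (dnat, accept) pairs where a DNAT rule with no ORIGINAL DEST
    captures the same zone/proto/port an ACCEPT-to-firewall rule expects.
    DNAT runs in nat PREROUTING, so the ACCEPT rule never sees the packet."""
    findings = []
    for dnat in rules:
        if dnat.action != "DNAT" or dnat.original_dest != "-":
            continue  # an ORIGINAL DEST limits the DNAT to that address only
        for acc in rules:
            if (acc.action == "ACCEPT" and acc.dest.startswith("$FW")
                    and acc.source == dnat.source and acc.same_service(dnat)):
                findings.append((dnat, acc))
    return findings


def restrict_dnat(rule: Rule, original_dest: str) -> Rule:
    """Copy of a DNAT rule pinned to one firewall address via ORIGINAL DEST."""
    return Rule(rule.action, rule.source, rule.dest, rule.proto,
                rule.dport, rule.sport, original_dest)


if __name__ == "__main__":
    rules = parse_rules(POSTED_RULES)
    for dnat, acc in shadowed_by_dnat(rules):
        print(f"DNAT rule '{dnat.render()}' shadows '{acc.render()}'")
        # Assumed: the DMZ host is reached via the eth0:0 address.
        print("suggested:", restrict_dnat(dnat, "10.161.101.49").render())
```

The suggested line, "DNAT net dmz:10.20.30.21:22 tcp 22 - 10.161.101.49", keeps ssh to 10.161.101.40 on the firewall and forwards only ssh sent to 10.161.101.49; once the fix is in, the same check returns no findings.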