"Instead" of what?

DNAT forwards PORTS (not the entire host) to an internal host. As the Shorewall
site states, 99% need just port forwarding; one-to-one NAT is just for special
cases (see http://www.shorewall.net/NAT.htm).
Using DNAT with the last two parameters ( - 93.167.197.51 ) only works using
that IP in /etc/shorewall/proxyarp.

Gilson Soares


On Wed, Nov 19, 2008 at 11:11, Nico Pagliaro <[EMAIL PROTECTED]> wrote:

> Gilson, what is the difference using DNAT instead?
>
>
> On Wed, Nov 19, 2008 at 10:40 AM, Gilson Soares <
> [EMAIL PROTECTED]> wrote:
>
>> Proxyarp (simplifying) is a way for your firewall to respond on behalf of your
>> public IP address (other than the IP on eth0 itself). I.e., if someone
>> pings 93.167.197.50 your firewall responds. But if someone pings
>> 93.167.197.51 nothing happens.
>>
>> So, putting 93.167.197.51 in /etc/shorewall/proxyarp will enable your
>> firewall to receive all packets to this IP.
>>
>> ### /etc/shorewall/proxyarp
>> 93.167.197.51 eth1 eth0 no
>> ###
>>
>> Doing so, you can finally redirect any access to your internal host:
>>
>> ### /etc/shorewall/rules
>> DNAT net loc:10.10.10.5 tcp ssh - 93.167.197.51
>> ###
>>
>> SSH to 93.167.197.50 goes to your firewall
>> SSH to 93.167.197.51 goes to your 10.10.10.5 box
>>
>> -Gilson Soares
>>
>>
>> On Tue, Nov 18, 2008 at 06:05, Michael Bernhard Arp Sørensen <
>> [EMAIL PROTECTED]> wrote:
>>
>>>  Hi there.
>>>
>>> I've been reading the docs over and over and the understanding of proxyarp
>>> escapes me.
>>>
>>> I've set up a firewall. I've got 10 external IP addresses and I want for
>>> a start to set up the first public IP address to access a server on the
>>> inside private network. It's that darn proxyarp that is giving me problems.
>>> All else is working.
>>>
>>> I fail to understand how a public IP like 93.167.197.51 is associated
>>> with my 10.10.10.5 in any way because there's no clear understanding
>>> from the config files.
>>>
>>> My firewall:
>>> eth0: 93.167.197.50 (net)
>>> eth1: 10.10.10.200 (loc)
>>>
>>> Public IP:
>>> 93.167.197.51 port 22
>>>
>>> Server to connect to:
>>> 10.10.10.5 port 22
>>>
>>> If someone could provide me with clues or a simple, working example of
>>> proxyarp in function, I would be very grateful. :-)
>>>
>>> --
>>> Med venlig hilsen/Kind regards
>>>
>>> Michael B. Arp Sørensen
>>> Programmer / BOFH
>>>
>>> Dansk Minkpapir A/S
>>> Research and Development Lab
>>> Bautavej 1A, indgang C - D
>>> 8210 Aarhus V
>>> Denmark
>>>
>>> I am /root and if you see me laughing you better have a backup.
>>>
>>> -------------------------------------------------------------------------
>>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>>> challenge
>>> Build the coolest Linux based applications with Moblin SDK & win great
>>> prizes
>>> Grand prize is a trip for two to an Open Source event anywhere in the
>>> world
>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>> _______________________________________________
>>> Shorewall-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>>
>>>
>>
>>
>>
>
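
The check below is an added example, not part of the original thread or of Shorewall: it reads the two files quoted above and lists DNAT rules whose ORIGINAL DEST address is neither the firewall's own address nor present in proxyarp, following the premise stated in the reply. The second rule (93.167.197.52 to 10.10.10.6) is constructed, the function names are hypothetical, and ORIGINAL DEST is assumed to hold plain IP addresses.

```python
# Added example: cross-check Shorewall DNAT rules against proxyarp entries.
# First rule and the proxyarp line are the ones quoted in the thread;
# the second DNAT rule is constructed to produce a finding.
import ipaddress

RULES = """\
#ACTION SOURCE DEST            PROTO DPORT SPORT ORIGDEST
DNAT    net    loc:10.10.10.5  tcp   ssh   -     93.167.197.51
DNAT    net    loc:10.10.10.6  tcp   80    -     93.167.197.52
"""
PROXYARP = """\
#ADDRESS      INTERFACE EXTERNAL HAVEROUTE
93.167.197.51 eth1      eth0     no
"""

def _rows(text):
    """Yield whitespace-split columns, skipping blank lines and # comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def proxyarp_addresses(text):
    """Addresses listed in the first column of the proxyarp file."""
    return {ipaddress.ip_address(cols[0]) for cols in _rows(text)}

def dnat_original_dests(text):
    """Return (original_dest, internal_target, port) for each DNAT rule
    that names an address in its seventh (ORIGINAL DEST) column."""
    out = []
    for cols in _rows(text):
        # "DNAT:info" style log-level suffixes are stripped before comparing.
        if cols[0].split(":")[0] != "DNAT" or len(cols) < 7 or cols[6] == "-":
            continue
        for addr in cols[6].split(","):
            out.append((ipaddress.ip_address(addr), cols[2], cols[4]))
    return out

def unanswered(rules, proxyarp, firewall_ips):
    """DNAT rules whose public address is neither a firewall interface
    address nor a proxyarp entry (the thread's premise for reachability)."""
    answered = proxyarp_addresses(proxyarp) | {ipaddress.ip_address(i) for i in firewall_ips}
    return [r for r in dnat_original_dests(rules) if r[0] not in answered]

if __name__ == "__main__":
    for addr, target, port in unanswered(RULES, PROXYARP, ["93.167.197.50"]):
        print(f"{addr}: DNAT to {target} port {port} has no proxyarp entry")
```
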