I am saying that you use 2 private IPs (xxx.yyy.zzz.1 and xxx.yyy.zzz.2) on your server behind your Shorewall FIREWALL or ROUTER (it's in no way a server) and then DNAT your public IPs (aaa.bbb.ccc.1 and aaa.bbb.ccc.2) to those private IPs on your server behind the firewall:

nat:
aaa.bbb.ccc.1 eth1 xxx.yyy.zzz.1
aaa.bbb.ccc.2 eth1 xxx.yyy.zzz.2

So, once more: the server has to have two IPs:
private1 = xxx.yyy.zzz.1
private2 = xxx.yyy.zzz.2

and there are two public IPs on the firewall (Shorewall):
public1 = aaa.bbb.ccc.1
public2 = aaa.bbb.ccc.2

and you DNAT public1 to private1 and public2 to private2.

I am not able to explain it more simply.

Ljubomir

sangprabv wrote:
> Hi,
> I'm a bit confused. 11.22.33.45 is a private IP which is owned by a server
> behind my firewall. If you ask me to create that IP on my Shorewall
> server I think it causes a conflict, right? And FYI 1.2.3.5 is the public
> IP. TIA.
>
> Willy
>
> On Sun, 2009-05-03 at 12:47 +0200, Ljubomir Ljubojevic wrote:
>> sangprabv wrote:
>>> Currently I have DNAT rules like here:
>>> DNAT net loc:11.22.33.44 tcp 80 1.2.3.4
>>> DNAT net loc:11.22.33.44 tcp 80 1.2.3.5
>>>
>>> nat:
>>> 1.2.3.4 eth1 11.22.33.44
>> Create 11.22.33.45 on your server, and add this:
>> 1.2.3.5 eth1 11.22.33.45
>> and try deleting DNAT rules.
>>
>>> masq:
>>> +eth0 eth1
>>>
>>> Still can not work.
>>>
>>> Willy
>>>
>>> On Sat, 2009-05-02 at 20:30 -0700, Tom Eastep wrote:
>>>> sangprabv wrote:
>>>>> Thanks for correction. My firewall has eth0 with IP 1.2.3.1 as the
>>>>> public IP, and eth1 with IP 11.22.33.11 as the local IP. Currently I
>>>>> have assigned public IP 1.2.3.4 to be handled by local IP 11.22.33.44.
>>>>> But in other case I also want my local IP 11.22.33.44 appears to be
>>>>> public IP 1.2.3.5 from the internet. How to do it with shorewall? TIA.
>>>> Your question still is as clear as mud -- but:
>>>>
>>>> - DNAT rules in /etc/shorewall/rules override entries in
>>>>   /etc/shorewall/nat.
>>>>
>>>> - Entries in /etc/shorewall/masq that begin with '+' override entries in
>>>>   /etc/shorewall/nat.
>>>>
>>>> Hope that helps.
>>>>
>>>> -Tom

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
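The two precedence points Tom Eastep lists in the thread above can be checked mechanically before a config is loaded. The following is an added example, not part of the original messages and not Shorewall code: `shadowed_nat` and the sample strings are hypothetical, built from the entries quoted in the thread. It assumes the original destination of a DNAT rule is an IP literal in column 6 or 7, and it flags a `+` masq entry whose source is an interface name conservatively, since the interface's subnet is not known here.

```python
import ipaddress

# Constructed sample: the three Shorewall files with the entries quoted in the thread.
RULES = "DNAT net loc:11.22.33.44 tcp 80 1.2.3.4\nDNAT net loc:11.22.33.44 tcp 80 1.2.3.5\n"
NAT = "1.2.3.4 eth1 11.22.33.44\n1.2.3.5 eth1 11.22.33.45\n"
MASQ = "+eth0 eth1\n"

def rows(text):
    """Yield whitespace-split columns, skipping blank lines and # comments."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if cols:
            yield cols

def is_ip(field):
    try:
        ipaddress.ip_address(field)
        return True
    except ValueError:
        return False

def shadowed_nat(rules, nat, masq):
    """Map each nat external IP to the reasons its one-to-one entry is overridden."""
    dnat_dests = set()
    for c in rows(rules):
        if c[0].startswith("DNAT"):
            # Assumption: original destination is an IP literal in column 6 or 7.
            dnat_dests.update(f for f in c[5:7] if is_ip(f))
    plus_sources = [c[1] for c in rows(masq) if c[0].startswith("+") and len(c) > 1]
    report = {}
    for c in rows(nat):
        if len(c) < 3:
            continue
        external, internal = c[0], c[2]
        reasons = ["DNAT rule in rules"] if external in dnat_dests else []
        for src in plus_sources:
            try:
                hit = ipaddress.ip_address(internal) in ipaddress.ip_network(src, strict=False)
            except ValueError:
                hit = True  # source is an interface name: flag conservatively
            if hit:
                reasons.append("'+' entry in masq")
                break
        if reasons:
            report[external] = reasons
    return report

if __name__ == "__main__":
    for ext, why in shadowed_nat(RULES, NAT, MASQ).items():
        print(f"nat entry for {ext} is overridden by: {', '.join(why)}")
```
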
