[Shorewall-users] Problem with internal forwards from masqueraded network

[jamesp]

Hello.

I have some port forwards that work good externally. Since I wanted to be
able to use the same domain-name and port combination internally as well
as externally I read through and followed the instructions at
http://shorewall.net/FAQ.htm#faq2. The problem I am having is some of the
forwards work, some don't. They all work externally. Where would I go from
here?

My config is as follows:


providers:
knology         1       0x100       main            eth1           
111.222.333.9   track,balance=1    vlan1,vlan2,vlan3
brighthouse     2       0x200       main            eth2           
111.222.333.145   track,balance=2    vlan1,vlan3


rules:
# External Forwards for the matt-matt dev servers
DNAT    net     vlan1:192.168.198.2:22    tcp     40002
DNAT    net     vlan1:192.168.198.2:3690  tcp     3690
DNAT    net     vlan1:192.168.198.2:3690  tcp     43690
DNAT    net     vlan1:192.168.198.3:80    tcp     40080
DNAT    net     vlan1:192.168.198.3:22    tcp     40003
DNAT    net     vlan1:192.168.198.4:22    tcp     40004
DNAT    net     vlan1:192.168.198.5:22    tcp     40005
DNAT    net     vlan1:192.168.198.5:4569  udp     40569
# Internal forwards for Matt Matt craziness
DNAT    vlan1   vlan1:192.168.198.2:3690        tcp     43690   -      
111.222.333.146
DNAT    vlan1   vlan1:192.168.198.2             tcp     3690    -      
111.222.333.146
DNAT    vlan1   vlan1:192.168.198.2:22          tcp     40002   -      
111.222.333.146
DNAT    vlan1   vlan1:192.168.198.3:22          tcp     40003   -      
111.222.333.146
DNAT    vlan1   vlan1:192.168.198.3:80          tcp     40080   -      
111.222.333.146
DNAT    vlan1   vlan1:192.168.198.4:22          tcp     40004   -      
111.222.333.146
DNAT    vlan1   vlan1:192.168.198.5:22          tcp     40005   -      
111.222.333.146
DNAT    vlan1   vlan1:192.168.198.5:4569        udp     40569   -      
111.222.333.146


masq:
eth1    10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16
111.222.333.9 eth2   
10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16
111.222.333.146
eth1    111.222.333.146   111.222.333.9
eth2    111.222.333.9    111.222.333.146
# oddball from internal to external to internal masquerade crap
vlan1:192.168.198.2     vlan1   192.168.198.1   tcp     43690
vlan1:192.168.198.2     vlan1   192.168.198.1   tcp     3690
vlan1:192.168.198.2     vlan1   192.168.198.1   tcp     40002
vlan1:192.168.198.3     vlan1   192.168.198.1   tcp     40003
vlan1:192.168.198.3     vlan1   192.168.198.1   tcp     40080
vlan1:192.168.198.4     vlan1   192.168.198.1   tcp     40004
vlan1:192.168.198.5     vlan1   192.168.198.1   tcp     40005
vlan1:192.168.198.5     vlan1   192.168.198.1   udp     40569




------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users