El 21/04/2010 15:10, Tom Eastep escribió: > Pablo Sebastian Greco wrote: > >> El 21/04/2010 13:38, Santiago Zarate escribió: >> >>> Yea... i guessed... well thanks for the help anyways... ill try to >>> write a blog post just in case anyone else needs a solution like this. >>> >>> >>> >> Actually, if you set the proxy with ip 192.168.2.10 and add 192.168.2.1 >> to the shorewall box, you could just dnat (without masquerade) and >> everything should just work >> >> Am I missing something here? >> > Yes. Responses from 192.168.2.10 back to the client have the wrong > source IP since they don't go through the shorewall box. > > -Tom > If 192.168.1.x don't known about 192.168.2.x, they are forced to go through 192.168.1.1 (shorewall box), and since 192.168.2.10 only knows 192.168.2.1 (shorewall box), so everything should go through the shorewall box and still maintain it's original IP
Pablo. ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
