[Shorewall-users] Problem with Port Forwarding - 2 Network Interfaces.

Thu, 14 Oct 2010 02:37:56 -0700 

I am having a problem getting port forwarding to work. Some basic
information:

I am using Shorewall 4.4.10, which comes with Ubuntu Lucid. My internal
network is 192.168.0.0/24 on eth1 and my external network adaptor eth0
is configured as 192.168.1.2. I am connecting to the Internet via an
ADSL modem/router connected to eth0. I have disabled the firewall in
the modem router. My ISP gives me a fixed ip address 217.146.125.41.

Following the guide I set up the basic two interface installation and
I can browse the Internet from within my internal network. However, I
am having problems setting up port forwarding. I want to forward
several services ssh, http, etc to 192.168.0.30.

In 192.168.0.30  /etc/network/interfaces I have:

iface eth0 inet static
  address 192.168.0.30
  gateway 192.168.0.1
  netmask 255.255.255.0

I know that my ISP is not blocking any ports, as I can connect OK if I
just use my router/modem as a firewall.

Firstly I tried in masq:
eth0                    192.168.0.0/24

in rules:
Web(DNAT)       net             loc:192.168.0.30

IMAPS(DNAT)     net             loc:192.168.0.30
IMAP(DNAT)      net             loc:192.168.0.30
SMTP(DNAT)      net             loc:192.168.0.30

SSH(DNAT)       net             loc:192.168.0.30

I read the FAQ and it seems that no packets are reaching the firewall:

pkts bytes target     prot opt in     out     source 
destination
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0
     0.0.0.0/0           tcp dpt:80 /* Web */ to:192.168.0.30

Since I have a fixed ip address I thought that I should reconfigure my
masq file to use SNAT. So I tried:

eth0:0                 192.168.0.0/24   217.146.125.41

However, if I do this none of the clients on my internal network can
connect to the internet.

Any pointers as to what I am doing wrong gratefully received!

Ian.

------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to