2010/12/13 Tom Eastep <[email protected]>:
> On 12/13/10 9:36 AM, sond wrote:
>
> FORGET THE NAMES. You have a two-port bridge; that's exactly what the
> article has.
>

Ok, I'm sorry. My fault, my thoughts were confused. I have portA (link layer interface eth0) and portB (link layer interface tap0). I hope I'm ok with this basic configuration. Can you check it out?

world br0 192.168.100.255 bridge,routeback
net br0:eth0
loc br0:tap0

fw firewall
world ipv4
net:world bport
vpn:world bport

vpn net ACCEPT
net vpn ACCEPT
net world ACCEPT
world net ACCEPT
net all DROP info
all all REJECT info

> I'm lost. You have a bridge so everything should be in one IP network
> and one broadcast domain. Why do you need any form of NAT?
>

The question about the NAT regards a real practical problem. I want to remind you that the office router/modem has a one-to-one NAT from a public static IP (89.x.y.z) to the br0 Ubuntu host IP. (I know that's a potential security hole, but it has to be this way.) Let's suppose I want to reach a shared folder (or a web server, or an FTP server, and so on) using the 89.x.y.z. How can I permit that? I know I have to forward the right port to the right host, and this is why I thought of the DNAT rules. Something like "DNAT net loc:192.168.100.10 tcp www" for a web server. Where am I wrong?

Thanks again, and sorry for my past and present (possible) mistakes,
Marco

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
