On 3/3/11 10:28 PM, [email protected] wrote:
>
> I have a backup server, hex, which also has security cameras on eth2.
> eth1 is the LAN.
>
> I want to take a given security camera at IP 10.5.12.40 on eth2 (cam)
> and present it to the LAN as 192.168.1.4:80. So in Shorewall rules I
> have:
> DNAT net $FW:10.5.12.40 tcp www
> ACCEPT net:192.168.1.1 cam tcp www -
>
> Of course cam is defined in interfaces, zones, and policy. But when
> I point my browser at 192.168.1.4 nothing happens. No dmesg firewall
> messages, but also nothing else. What am I doing wrong?
>

Although I responded to your latest post last night, I took another look
at your problem this morning.

First of all, your rules are wrong. You want a single rule:

DNAT    net    cam:10.5.12.40    tcp    www

That assumes that 'cam' is defined to be the zone consisting of hosts
attached to eth2; e.g., the following in /etc/shorewall/interfaces:

cam    eth2    -    ...

Secondly, your camera probably doesn't have a default route defined; in
fact, it is probably incapable of having a default route and can only
communicate with other hosts on its own LAN. In the latter case, you
need this entry in /etc/shorewall/masq:

eth2:10.5.12.40    0.0.0.0/0

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
