Hi to all,

I am having problems forwarding from public VIP to private VIP and back.

*configuration files*

interfaces
[CODE]
#ZONE    INTERFACE    BROADCAST    OPTIONS
net     eth5            detect
loc     bond0           detect
[/CODE]

policy
[CODE]
#SOURCE    DEST    POLICY        LOG    LIMIT:        CONNLIMIT:
#                LEVEL    BURST        MASK
loc    all    ACCEPT
net    all    ACCEPT
fw    all    ACCEPT
#fw    net    ACCEPT
#all    fw    ACCEPT

# THE FOLLOWING POLICY MUST BE LAST
all    all    DROP        info
#$FW    net    ACCEPT
[/CODE]

rules
[CODE]
#ACTION    SOURCE    DEST    PROTO    DEST    SOURCE     ORIGINAL    RATE     USER/    MARK    CONNLIMIT    TIME
#                                     PORT    PORT(S)    DEST        LIMIT    GROUP
#SECTION ESTABLISHED
#SECTION RELATED
#SECTION NEW

#ACCEPT loc all tcp 80 #not needed

#    Accept DNS connections from the firewall to the network
#
DNS(ACCEPT)    $FW        net
#
#    Accept SSH connections from the local network for administration
#
SSH(ACCEPT)    loc        all
SSH(ACCEPT)    net        all
SSH(ACCEPT)    $FW        all
#
#    Allow Ping from the local network
#
Ping(ACCEPT)    $FW        all
Ping(ACCEPT)    $FW        all
Ping(ACCEPT)    net        all


#
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#

#Ping(DROP)    net        $FW

ACCEPT        $FW        all        icmp
ACCEPT        loc        all        icmp
ACCEPT        net        all        icmp


DNAT        net         loc:192.168.0.237  tcp  ssh,80,443            #works
[/CODE]

zones
[CODE]
#ZONE    TYPE        OPTIONS        IN            OUT
#                    OPTIONS            OPTIONS
fw    firewall
net    ipv4
loc    ipv4
[/CODE]

masq
[CODE]
eth5 bond0
[/CODE]



In the above, my public VIP is 195.x.x.21, but I am using a real server IP (192.168.0.237) and it works. But if I use 192.168.0.199, which is the private VIP on the same box, it does not work.

Any help???
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users