Hi

 

I have a server with 2 routers (192.168.254.1 and 192.168.254.3) connected on
the same interface on the server (192.168.254.2). Both route to a 10.0.0.0/8
network.

 

I have the following custom rules which sort out the routing for me, and
below each I have written the shorewall equivalent and marked some stuff with
????

 

Please check what I have and help me on the ????

 

 

ip rule add fwmark 0x1 table r1

ip rule add fwmark 0x2 table r2

>>>>/etc/shorewall/providers
>>>>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY          OPTIONS COPY
>>>>r1  1       1    -      eth0      192.168.254.1 track      ??
>>>>r1  2       2    -      eth0      192.168.254.2 track      ??

 

 

 

ip route add 10.0.0.0/8 via 192.168.254.1 table r1

ip route add 10.0.0.0/8 via 192.168.254.3 table r2

>>>>/etc/shorewall/routes

???

???

 

 

-A PREROUTING -p tcp -m tcp --dport 22120 -j MARK --set-mark 0x01

-A PREROUTING -p tcp -m tcp --dport 22122 -j MARK --set-mark 0x02

>>>>/etc/shorewall/tcrules

>>>>#ACTION   SOURCE    DEST      PROTO   PORT(S)    SOURCE  USER TEST LENGTH TOS CONNBYTES HELPER
>>>>#                                                PORT(S)
>>>>1:T       0.0.0.0/0 0.0.0.0/0 TCP     22120          -       -    -    -   -   -
>>>>2:T       0.0.0.0/0 0.0.0.0/0 TCP     22122          -       -    -    -   -   -
 

 

 

 

 

-A PREROUTING -p tcp -m tcp --dport 22120 -j DNAT --to-destination 10.0.2.62:6001

-A PREROUTING -p tcp -m tcp --dport 22122 -j DNAT --to-destination 10.0.0.5:6001

>>>>#ACTION  SOURCE DEST                 PROTO   DEST    SOURCE  ORIGINAL
>>>>#                                            PORT    PORT(S) DEST
>>>>DNAT     net    apn:10.0.2.61:6001   tcp     22120   -       196.44.33.33
>>>>DNAT     net    apn:10.0.0.5:6001    tcp     22122   -       196.44.33.33
 
 

 

 

 

 

-A POSTROUTING -d 10.0.0.0/8 -j SNAT --to-source 192.168.254.2

>>>>/etc/shorewall/masq

>>>>#INTERFACE   SOURCE           ADDRESS         PROTO   PORT(S)
>>>>eth0         ??    192.168.254.2

 

Kind Regards

Jan van der Vyver

 

 

 

 

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users