Hi All AND Tom! On 30/11/2013 19:46, Tom Eastep wrote: > On 11/29/2013 5:14 AM, Angela Williams wrote: >> Hi All! >> >> I have a happy shorewall user who needs something that should quite >> simple but for the life of me I just cannot figure it out! Well other >> than a snat rule! >> >> Two users on the internal network need to make RDP connections to the >> parent companies Terminal Server on a non standard port. Needless to say >> the two external ip address they will be allocated are available and >> they will both connect to the same remote ip address! >> >> Two internal user are 192.168.1.101 and 192.168.1.193 and need to snat >> out on ip's 206.205.204.203 and 206.205.204.204 respectively and be >> limited to access port 3399 on remote ip 223.224.225.226 >> >> The customer is out in the boon-docks and only has a 1M internet >> connection and with over 200 users bandwidth is tight. Normal masq is >> limited to a few users. I have two simple nat rules that allow two >> server unrestricted access. The rest of the user are controlled through >> squid. >> >> All ideas of how to achieve the above would be welcomed! > > /etc/shorewall/rules: > > ACCEPT loc:192.168.1.101,192.168.1.193 net:<RDP ip> tcp 3399 > > /etc/shorewall/masq > > <external if>:<RDP ip> 192.168.1.101 206.205.204.203 > <external if>:<RDP ip> 192.168.1.193 206.205.204.204 > > Where: > > <external if> is the firewall's external interface > <RDP ip> is the IP address of the RDP server
Wow the solution that just works! We have a happy user! It's only in retrospect that it all makes sense! I just kept trying to figure out a solution with SNAT in the masq file! Thanks a mil Tom! Ang -- Angela Williams angierfw at gmail dot com Linux/Networking Hacker Blog http://angierfw.wordpress.com Smile! Yeshua Loves You! ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
