On Thu, Feb 8, 2018 at 9:11 PM, Tom Eastep <teas...@shorewall.net> wrote:

> On 02/08/2018 10:52 AM, Zenny wrote:
> > On Thu, Feb 8, 2018 at 5:22 PM, Tom Eastep <teas...@shorewall.net
> > <mailto:teas...@shorewall.net>> wrote:
> >
> >     On 02/08/2018 02:07 AM, Zenny wrote:
> >     > Hi,
> >     >
> >     > I am trying to figure out to establish one-to-one NAT to a single
> >     > development VM instance running in LOC network to cater it as if
> it is
> >     > in the DMZ network.
> >     >
> >     > Appreciate your inputs. Thanks.
> >     >
> >
> >     I don't understand completely what you are trying to accomplish. Is
> it
> >     that you have a three-interface configuration (net,loc and dmz), and
> you
> >     want to have a host in the local network respond to an address that
> >     would normally fall in the DMZ?
> >
> >
> > Yep, rightly guessed.
> >
> >
> >     If so, are the DMZ addresses public or
> >     private?
> >
> >
> > I have just one public IP and the all other networks loc and dmz are
> > running in private network which shorewall handles for DNAT and SNATs.
> >
> >
> >     Do you want hosts in the loc zone to be able to use the DMZ
> >     address to access this particular system?
> >
> >
> > Exactly!
> >
>
> That is basically Shorewall FAQ 2 (http://www.shorewall.net/FAQ.htm#faq2).
>

Thanks.

BTW, how can I let users from outside (net) to access ( eg. ssh/http/https)
to a VM instance running in loc zone? In the /etc/shorewall/policy,
net2loc is a REJECT by default.

>
> -Tom
> --
> Tom Eastep        \   Q: What do you get when you cross a mobster with
> Shoreline,         \     an international standard?
> Washington, USA     \ A: Someone who makes you an offer you can't
> http://shorewall.org \   understand
>                       \_______________________________________________
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>


-- 
Cheers,
/z

-.. .. ... -.-. .-.. .- .. -- . .-. | -.. .. ... -.-. .-.. .- .. -- . .-.
CONFIDENTIALITY NOTICE AND DISCLAIMER: Access to this e-mail and its
contents by anyone other than the intended recipient is unauthorized as it
contains privileged and confidential information, and is subject to legal
privilege. Please do not re/distribute it.  If you are not the intended
recipient (or responsible for delivery of the message to such person), you
may not use, copy, distribute or deliver the email and part of its contents
to anyone this message (or any part of its contents or take any action in
connection to it. In such case, you should destroy this message, and notify
the sender immediately. If you have received this email in error, please
notify the sender or your sysadmin immediately by e-mail or telephone, and
delete the e-mail from any computer. If you or your employer does not
consent to internet e-mail messages of this kind, please notify the sender
immediately. All reasonable precautions have been taken to ensure no
viruses are present in this e-mail and attachments included. As the sender
cannot accept responsibility for any loss or damage arising from the use of
this e-mail or attachments it is recommended that you are responsible to
follow your virus checking procedures prior to use. The views, opinions,
conclusions and other informations expressed in this electronic mail are
not given or endorsed by any company including the network providers unless
otherwise indicated by an authorized representative independent of this
message.
-.. .. ... -.-. .-.. .- .. -- . .-. | -.. .. ... -.-. .-.. .- .. -- . .-.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to