On 2/20/20 11:40 AM, Bruce Bannerman wrote:
> Many thanks for your reply and taking the time to look Tom.
>
> You are correct, the Reverse Proxy’s IP address is 203.214.66.103.
>
> The web server is 172.16.4.203.
>
> I have no problems connecting to the Web Server from the Reverse
> Proxy using Ping, ssh etc and vice versa.
>
> I have a similar situation between my smtp and imaps servers. Both
> use public IPs. .100 and .104 respectively.
>
> .100 is a secondary IP for .103, established using IP ADDRESS ADD
> at boot via /etc/network/interfaces (Debian).
>
> Similarly, .105 and .106 are secondary IPs for .104.
>
> I hope this helps.
>

Okay -- I see a number of entries similar to this one:

ipv4 2 tcp 6 407402 ESTABLISHED src=220.181.108.91 dst=203.214.66.103 sport=54830 dport=443 src=172.16.4.103 dst=220.181.108.91 sport=443 dport=54830 [ASSURED] mark=0 zone=0 use=2

The original connection was made from 220.181.108.91 to 203.214.66.103:443. That connection was forwarded to 172.16.4.103. Response packets from 172.16.4.103 to 203.214.66.103 will have their source IP changed back to 203.214.66.103.

The entries would be what I would expect if this DNAT rule were to be in place when the connections were established:

DNAT net dmz:172.16.4.103 tcp 80,443 - 203.214.66.103

Did you have such a rule before setting up this test?

-Tom
--
Tom Eastep        \ Q: What do you get when you cross a mobster
Shoreline,         \ with an international standard?
Washington, USA     \ A: Someone who makes you an offer you
http://shorewall.org \ can't understand
                      \________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
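
Added example, not part of the original message or of Shorewall: a short Python parser that splits a conntrack line like the one quoted above into its original and reply tuples and reports where they differ, which is how the DNAT to 172.16.4.103 is read off the entry. The second sample line is constructed for contrast, and the function names are this example's own.

```python
import re
from collections import Counter

# Line 1: the entry quoted in the message above.
# Line 2: constructed, an un-NATed SSH connection for contrast.
SAMPLE = """\
ipv4 2 tcp 6 407402 ESTABLISHED src=220.181.108.91 dst=203.214.66.103 sport=54830 dport=443 src=172.16.4.103 dst=220.181.108.91 sport=443 dport=54830 [ASSURED] mark=0 zone=0 use=2
ipv4 2 tcp 6 431999 ESTABLISHED src=198.51.100.7 dst=203.214.66.103 sport=40112 dport=22 src=203.214.66.103 dst=198.51.100.7 sport=22 dport=40112 [ASSURED] mark=0 zone=0 use=2
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_entry(line):
    """Return the (original, reply) tuples of one conntrack line as dicts."""
    pairs = FIELD.findall(line)
    half = len(pairs) // 2
    if half == 0 or len(pairs) % 2:
        raise ValueError("expected an original and a reply tuple: %r" % line)
    return dict(pairs[:half]), dict(pairs[half:])

def nat_of(line):
    """Report the NAT applied to a connection; None for each kind not present."""
    orig, reply = parse_entry(line)
    dnat = snat = None
    # Without NAT the reply tuple is the original tuple mirrored.
    # DNAT: the reply is sent by something other than the original destination.
    if (reply["src"], reply.get("sport")) != (orig["dst"], orig.get("dport")):
        dnat = (orig["dst"], reply["src"])
    # SNAT/masquerade: the reply is addressed to something other than the original source.
    if (reply["dst"], reply.get("dport")) != (orig["src"], orig.get("sport")):
        snat = (orig["src"], reply["dst"])
    return {"dnat": dnat, "snat": snat}

def dnat_summary(text):
    """Count tracked connections per (public address, internal address) pair."""
    counts = Counter()
    for line in text.splitlines():
        if line.strip():
            dnat = nat_of(line)["dnat"]
            if dnat:
                counts[dnat] += 1
    return dict(counts)

if __name__ == "__main__":
    for (public, internal), n in dnat_summary(SAMPLE).items():
        print(f"{n} connection(s) to {public} are translated to {internal}")
```

Run against the full connection table, the summary shows which internal address each public address is currently being translated to, so entries left over from an earlier rule stand out.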