This is the problem:
[1] As desired, tcp 3389 is forwarded (DNAT) from the
Bering-uClibc/shorewall box to a server on the local LAN, when using
the firewall's external interface.
[2] When using a DMZ address, tcp 3389 is also forwarded to that server
on the local LAN, and NOT the desired DMZ host.
[3] The desired result is tcp 3389 to DMZ host when DMZ host is
specified; and forwarded to local LAN when firewall external address
is specified.
I think that I know what is going on here; but, I do NOT know what is
the proper configuration.
What is the correct configuration for this?
What do you think?
----------
Here is a brief summary of the configuration. I will gladly provide
more information, as required.
Network: 67.63.3.80 /28
Gateway: 67.63.3.81
Bering eth0: 67.63.3.82
Bering eth1: 10.0.0.254 /24
Bering eth2: 192.168.1.1 /24
Proxy Arp DMZ: 67.63.3.83 - 67.63.3.94
----------
/etc/shorewall/rules:
DNAT net loc:10.0.0.4 tcp 3389
----------
Appropriate iptable:
Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
1021K 767M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1900 100K ACCEPT tcp -- * * 0.0.0.0/0 10.0.0.2 tcp dpt:25
23 1120 ACCEPT tcp -- * * 0.0.0.0/0 10.0.0.4 tcp dpt:3389
0 0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
--
Best Regards,
mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know. The more I know, the more I know I don't know . . .
--
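The symptom in [2] follows from how the posted rule matches: `DNAT net loc:10.0.0.4 tcp 3389` names no ORIGINAL DEST, so the nat-table rule it generates matches tcp/3389 to any destination address arriving from the net zone, including the proxy-ARP DMZ addresses, and rewrites them all to 10.0.0.4. The following model is an added illustration written for this page, not code from the poster or from Shorewall; the addresses are the ones in the post, used as constructed fixtures, and the "scoped" rule set (the same rule with its ORIGINAL DEST column set to the external address 67.63.3.82) is an assumption used to show the contrast, not a statement of what the poster's configuration contains.

```python
import ipaddress

# Addressing from the post, used here as constructed test fixtures:
FW_EXTERNAL = ipaddress.ip_address("67.63.3.82")   # Bering eth0
DMZ_FIRST = ipaddress.ip_address("67.63.3.83")     # proxy-ARP DMZ range start
DMZ_LAST = ipaddress.ip_address("67.63.3.94")      # proxy-ARP DMZ range end
LAN_TARGET = ipaddress.ip_address("10.0.0.4")      # DNAT target on the loc zone


class DnatRule:
    """Minimal model of one Shorewall DNAT rule as a nat/PREROUTING match.

    orig_dest=None models the rule as posted (no ORIGINAL DEST column): it
    matches every destination address that arrives from the net zone, the
    proxy-ARP DMZ addresses included. orig_dest="67.63.3.82" models the
    same rule restricted to the firewall's own external address (assumed
    contrast case, not taken from the post).
    """

    def __init__(self, proto, dport, target, orig_dest=None):
        self.proto = proto
        self.dport = dport
        self.target = ipaddress.ip_address(target)
        self.orig_dest = None if orig_dest is None else ipaddress.ip_address(orig_dest)

    def matches(self, proto, dst, dport):
        if proto != self.proto or dport != self.dport:
            return False
        # An unscoped rule accepts any destination address.
        return self.orig_dest is None or dst == self.orig_dest


def prerouting(rules, proto, dst, dport):
    """Return the destination address after the first matching DNAT rule."""
    dst = ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(proto, dst, dport):
            return str(rule.target)
    return str(dst)


def where_it_goes(rules, dst, dport=3389, proto="tcp"):
    """Label the outcome: 'loc' (rewritten into the LAN), 'dmz' (left for
    proxy ARP to deliver to the DMZ host), or 'fw' (the firewall itself)."""
    new_dst = ipaddress.ip_address(prerouting(rules, proto, dst, dport))
    if new_dst == LAN_TARGET:
        return "loc"
    if DMZ_FIRST <= new_dst <= DMZ_LAST:
        return "dmz"
    if new_dst == FW_EXTERNAL:
        return "fw"
    return "other"


# Rule exactly as posted: DNAT net loc:10.0.0.4 tcp 3389 (no ORIGINAL DEST).
POSTED_RULES = [DnatRule("tcp", 3389, "10.0.0.4")]

# Same rule with ORIGINAL DEST limited to the external address (assumption).
SCOPED_RULES = [DnatRule("tcp", 3389, "10.0.0.4", orig_dest="67.63.3.82")]


def compare():
    """Walk the cases from the post through both rule sets."""
    probes = [("67.63.3.82", 3389), ("67.63.3.83", 3389), ("67.63.3.83", 25)]
    return {
        "posted": {f"{d}:{p}": where_it_goes(POSTED_RULES, d, p) for d, p in probes},
        "scoped": {f"{d}:{p}": where_it_goes(SCOPED_RULES, d, p) for d, p in probes},
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(name)
        for probe, outcome in result.items():
            print(f"  {probe:>18} -> {outcome}")
```

With the posted rule, tcp/3389 to 67.63.3.83 ends up at 10.0.0.4 exactly as described in [2], while tcp/25 to the same DMZ address is untouched; with the destination-scoped rule only traffic to 67.63.3.82 is rewritten. The chain shown in the post is the filter-table net2loc chain, which only sees packets after the rewrite; the place to confirm the match width on the real box is the nat table (`iptables -t nat -L PREROUTING -n -v`), where a DNAT rule whose destination column reads 0.0.0.0/0 is the unscoped case modelled above.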
