Michael D Schleif wrote:
> This is the problem:
>
> [1] As desired, tcp 3389 is forwarded (DNAT) from the
> Bering-uClibc/shorewall box to a server on the local LAN, when using
> the firewall's external interface.
>
> [2] When using a DMZ address, tcp 3389 is also forwarded to that server
> on the local LAN, and NOT the desired DMZ host.
>
> [3] The desired result is tcp 3389 to DMZ host when DMZ host is
> specified; and forwarded to local LAN when firewall external address
> is specified.
>
>
> I think that I know what is going on here; but, I do NOT know what is
> the proper configuration.
>
> What is the correct configuration for this?
>
> What do you think?

I think that you need to specify the firewall's external IP address in
the ORIGINAL DEST column of your DNAT rule for tcp port 3389.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
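
The suggestion above as a Shorewall rules-file fragment. This is an added example, not part of the original thread and not either poster's actual configuration. Assumptions: the zone names net, loc and dmz, every address shown (constructed documentation addresses), a DMZ host that is reachable from the internet on its own address, and a net-to-dmz policy that does not already accept the traffic.

```conf
# /etc/shorewall/rules (constructed example; zones and addresses are assumed)
#
# Assumed addresses:
#   203.0.113.1    firewall's external IP address
#   203.0.113.18   DMZ host, reachable from the net zone on its own address
#   192.168.1.10   server on the local LAN
#
#ACTION  SOURCE  DEST               PROTO  DEST     SOURCE   ORIGINAL
#                                          PORT(S)  PORT(S)  DEST

# Before: ORIGINAL DEST is empty, so the rule is not limited to one
# destination address. A connection from net to 203.0.113.18:3389 is
# rewritten to the LAN server as well, which is symptom [2] in the report.
#DNAT    net     loc:192.168.1.10   tcp    3389

# After: only connections whose original destination is the firewall's
# external address are rewritten. The "-" fills the unused SOURCE PORT(S)
# column so the address lands in ORIGINAL DEST.
DNAT     net     loc:192.168.1.10   tcp    3389     -        203.0.113.1

# Traffic addressed to the DMZ host itself no longer matches the DNAT rule.
# It still needs to be permitted unless the net->dmz policy already does so.
ACCEPT   net     dmz:203.0.113.18   tcp    3389
```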