Hi, I have a setup with a Xen server and two interfaces: one to the public net, and one a direct link to another Xen server used for intra-domain communication.
dom0 is set up with two bridges, netbr and clubr (cluster bridge), where the dom0 only has an IP address on eth1 on the clubr bridge. There is a domU with two virtual interfaces bound to both clubr and netbr, which does the firewalling, routing and NATing. Every domU has an interface connected to the clubr, so intra-cluster communication works, and outside access goes via the gateway domU. There is a mail server which gets the smtp/ssmtp ports from the public interface NATed to its internal address. I'm using Shorewall 3.0.5. Although a fancy setup, it works.

The problem with that is, if an internal domU (except the firewall domU, where it is working) wants to access the public mail server via its official address, it doesn't get routed back to the internal address.

"picture":

web domU (1.2.3.3) -> smtp mail.mysetup.org (external) ->via-> gateway domU (1.2.3.1) ->via-> mail domU (1.2.3.2) (doesn't work)

gateway domU rules:

    # Route external firewall address:25 to internal mailserver
    DNAT net clu:1.2.3.2:25 tcp 25
    # experimental rule (doesn't work, currently disabled and makes strange things)
    DNAT clu clu:1.2.3.2:25 tcp 25

gateway domU interfaces:

    net eth0 detect tcpflags,norfc1918
    clu eth1 detect routeback

Thanks for any idea,
Felix
