On Mon, Apr 07, 2008 at 04:26:48PM -0400, Fabricio Vargas wrote:
> Hi guys
> 
> I have a problem so I hope this list can help me.
> 
> I have one public IP 200.119.222.122 (Shorewall)
> and a DMZ  10.0.1.100/24 (zimbra mail is running there) 
> 
> The problem is that one service in dmz:10.0.1.100 is trying to connect to
> fw:200.119.222.122 port 7025 because the service "thinks" it is the same
> machine, and Shorewall rejects the connection.
> How can I make Shorewall forward to the same machine 10.0.0.100 when
> it tries to connect to port 7025? I tried different rules like:
> 
> REDIRECT               $FW:10.0.1.100 tcp 7025 - 200.119.222.122
> or
> DNAT            dmz             dmz:10.0.1.100:7025       tcp 7025
> 
> without success
> 
Fabricio, your problem is covered in Shorewall FAQ #2 [0].  Tom (the
author of Shorewall) recommends the following:

   The accessibility problem is best solved using Bind Version 9 “views”
   (or using a separate DNS server for local clients) such that
   www.mydomain.com resolves to 130.141.100.69 externally and
   192.168.1.5 internally. That's what I do here at shorewall.net for my
   local systems that use one-to-one NAT.

Now, if you decide that you don't want to do that, then you can follow
the instructions for FAQ 2 for a different solution.

Regards,

-Roberto

[0] http://www.shorewall.net/FAQ.htm#faq2

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
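
Added example, not part of the original message or the Shorewall FAQ: a BIND 9 `named.conf` fragment showing the split-horizon "views" approach quoted above, using the addresses from this thread. The host name `mail.example.com`, the zone file paths and the ACL name are placeholders (assumptions), as is the premise that this name server answers both DMZ and Internet clients.

```conf
// Constructed example: split-horizon DNS with BIND 9 views.
// example.com, the file paths and the ACL name are placeholders.

acl "dmz-clients" {
    10.0.1.0/24;        // DMZ network from the thread
    127.0.0.1;          // the name server host itself
};

options {
    directory "/var/named";
};

// Views are tried in order and the first match wins, so the
// narrower internal view must come before the catch-all view.
view "internal" {
    match-clients { "dmz-clients"; };
    recursion yes;      // local clients may resolve other names too
    zone "example.com" {
        type master;
        // Zone file holds:  mail  IN  A  10.0.1.100
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;       // do not act as an open resolver for the Internet
    zone "example.com" {
        type master;
        // Zone file holds:  mail  IN  A  200.119.222.122
        file "external/example.com.zone";
    };
};
```

Once any view is defined, every zone statement has to live inside a view. With this layout the DMZ service resolves the mail name to 10.0.1.100 and connects directly, so the connection never traverses the firewall's public address.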
