mess-mate wrote:
> In addition of my previous post;
> the vserver people said _'there is no DNAT:thing '_
> So the only i can think is that the vserver-host have to dnat, do it ?
> That's twice, one's from the router/firewall and now again. And this
> with an $ETH0_IP !
Hi,
Please re-read what I have written in earlier mails. If I understand vserver
networking correct (by just googling for fifteen minutes), you have three
choices:
1) Use DNAT on the vserver host.
2) Use routing on the vserver host.
3) Don't do anything on the vserver host.
... and I have been trying to say that you shouldn't do anything at all on the
vserver host. Definately not DNAT, because you have already DNAT:ted on the
firewall host.
If I was you I'd want to use ip addresses in the same subnet as the vserver
host. If the vserver people can't help you achieve that, then I just have to
wish you good luck. So far nobody on this list have stepped forward and claimed
to be a vserver expert.
So, please go back to the vserver forum and try communicate your situation.
Something like this:
I have an internet connected hosts that is using NAT. In the
DMZ I have a vserver host which has a guest. Is it possible
to configure the vserver host and client in a way that the
following three network interfaces has IP addresses in the
same subnet:
1) firewall DMZ interface
2) vserver host
3) vserver guest
I don't want to DNAT again, because the firewall hosts
already does that. And I don't want to use routing, because
that also complicates things.
Best regards,
/Martin
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
