Alright, got the idea. Thanks a lot. But is it possible if I want public IP aa.bb.cc.1:22 port forwarded to private IP xx.yy.zz.1:22 and public IP aa.bb.cc.1:80 port forwarded to private IP xx.yy.zz.2:80 while xx.yy.zz.2 also appears as aa.bb.cc.2 from the internet? TIA.
Willy

On Sun, 2009-05-03 at 14:07 +0200, Ljubomir Ljubojevic wrote:
> I am saying that you use 2 private IP's (xxx.yyy.zzz.1 and
> xxx.yyy.zzz.2) on your server behind your shorewall FIREWALL or ROUTER
> (it's in no way server) and then DNAT your public IP's (aaa.bbb.ccc.1
> and aaa.bbb.ccc.2) to those private IP's on your server behind firewall:
>
> nat:
> aaa.bbb.ccc.1 eth1 xxx.yyy.zzz.1
> aaa.bbb.ccc.2 eth1 xxx.yyy.zzz.2
>
> So, once more: server has to have two IP's:
> private1 = xxx.yyy.zzz.1
> private2 = xxx.yyy.zzz.2
>
> and there are two public IP's on firewall(shorewall):
> public1 = aaa.bbb.ccc.1
> public2 = aaa.bbb.ccc.2
>
> and you DNAT public1 to private1 and public2 to private2
>
> I am not able to explain it more simply.
>
> Ljubomir
>
> sangprabv wrote:
> > Hi,
> > I'm a bit confused. 11.22.33.45 is a private IP which is owned by a server
> > behind my firewall. If you ask me to create that IP on my shorewall
> > server I think it causes conflict, right? And FYI 1.2.3.5 is the public
> > IP. TIA.
> >
> > Willy
> >
> > On Sun, 2009-05-03 at 12:47 +0200, Ljubomir Ljubojevic wrote:
> >> sangprabv wrote:
> >>> Currently I have DNAT rules like here:
> >>> DNAT net loc:11.22.33.44 tcp 80 1.2.3.4
> >>> DNAT net loc:11.22.33.44 tcp 80 1.2.3.5
> >>>
> >>> nat:
> >>> 1.2.3.4 eth1 11.22.33.44
> >> Create 11.22.33.45 on your server, and add this:
> >> 1.2.3.5 eth1 11.22.33.45
> >> and try deleting DNAT rules.
> >>
> >>> masq:
> >>> +eth0 eth1
> >>>
> >>> Still can not work.
> >>>
> >>> Willy
> >>>
> >>> On Sat, 2009-05-02 at 20:30 -0700, Tom Eastep wrote:
> >>>> sangprabv wrote:
> >>>>> Thanks for correction. My firewall has eth0 with IP 1.2.3.1 as the
> >>>>> public IP, and eth1 with IP 11.22.33.11 as the local IP. Currently I
> >>>>> have assigned public IP 1.2.3.4 to be handled by local IP 11.22.33.44.
> >>>>> But in other case I also want my local IP 11.22.33.44 appears to be
> >>>>> public IP 1.2.3.5 from the internet. How to do it with shorewall? TIA.
> >>>> Your question still is as clear as mud -- but:
> >>>>
> >>>> - DNAT rules in /etc/shorewall/rules override entries in
> >>>> /etc/shorewall/nat.
> >>>>
> >>>> - Entries in /etc/shorewall/masq that begin with '+' override entries in
> >>>> /etc/shorewall/nat.
> >>>>
> >>>> Hope that helps.
> >>>>
> >>>> -Tom
> >>>> ------------------------------------------------------------------------------
> >>>> Register Now & Save for Velocity, the Web Performance & Operations
> >>>> Conference from O'Reilly Media. Velocity features a full day of
> >>>> expert-led, hands-on workshops and two days of sessions from industry
> >>>> leaders in dedicated Performance & Operations tracks. Use code vel09scf
> >>>> and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
> >>>> _______________________________________________
> >>>> Shorewall-users mailing list
> >>>> [email protected]
> >>>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
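
The precedence Tom Eastep states in the quoted reply (DNAT rules in /etc/shorewall/rules override /etc/shorewall/nat; masq entries beginning with '+' override nat), applied to the mapping asked about at the top of this message. This is an added example, not part of the original thread and not Shorewall's own code: a simplified Python model in which the 203.0.113.N and 10.0.0.N addresses are constructed stand-ins for aa.bb.cc.N and xx.yy.zz.N, and the tuple layouts and function names are assumptions.

```python
import ipaddress

# Constructed stand-ins: 203.0.113.N for aa.bb.cc.N, 10.0.0.N for xx.yy.zz.N.
# Models DNAT rules in /etc/shorewall/rules: (original_dest, proto, port, new_dest)
DNAT_RULES = [
    ("203.0.113.1", "tcp", 22, "10.0.0.1"),
    ("203.0.113.1", "tcp", 80, "10.0.0.2"),
]
# Models /etc/shorewall/nat (one-to-one NAT): (external, internal)
NAT = [("203.0.113.2", "10.0.0.2")]
# Models /etc/shorewall/masq: (has_plus_prefix, source_net, public_source)
# public_source is assumed to be the firewall's own public address.
MASQ = [(False, "10.0.0.0/24", "203.0.113.1")]


def inbound(dst, proto, port, dnat=DNAT_RULES, nat=NAT):
    """Return (internal address, deciding file) for a connection from the net."""
    for orig, p, dport, new in dnat:      # DNAT rules override nat entries
        if (orig, p, dport) == (dst, proto, port):
            return new, "rules"
    for ext, internal in nat:             # otherwise one-to-one NAT applies
        if ext == dst:
            return internal, "nat"
    return None, "none"                   # untranslated: never reaches the LAN


def outbound(src, nat=NAT, masq=MASQ):
    """Return (public source address, deciding file) for a LAN-originated flow."""
    addr = ipaddress.ip_address(src)

    def hit(entries):
        return next((to for _, net, to in entries
                     if addr in ipaddress.ip_network(net)), None)

    forced = hit([m for m in masq if m[0]])   # '+' masq entries override nat
    if forced:
        return forced, "masq+"
    for ext, internal in nat:
        if internal == src:
            return ext, "nat"
    plain = hit([m for m in masq if not m[0]])
    return (plain, "masq") if plain else (None, "none")
```

With a '+' entry in masq, as in the configuration quoted in the thread, the host with a one-to-one nat entry leaves with the firewall's address rather than its own public address, which is worth checking when egress allow-lists or logs key on that address.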
