> Hi,
>
> I am trying to make connections that go to the firewall (10.10.10.100
> internal) on port TCP/5900 be redirected to an internal host (10.10.10.2)
> but cannot get it to work. The firewall starts ok and shows no errors when
> starting up, and there are no log entries in the syslog to suggest that the
> packets are being dropped. Could you please advise? I have attached a copy
> of the 'shorewall dump' command.
>
> thanks,
Hi David,

I don't really know how to read Shorewall dumps, but what I saw in your dump confused me a bit. It appears that the system running Shorewall has only one configured Ethernet interface (eth0). However, your configuration appears to be based on a two-interface setup (because your dump includes loc, net, and fw zones). This isn't necessarily wrong, but unless you have some reason for having more than two zones (loc and fw), it seems unnecessary to me.

On to your actual problem:

In your interfaces file, add the 'routeback' option to eth0 (I'm sure someone more experienced than I could tell if this was already enabled based on the dump).

In your rules file, add the following rule (the '!10.10.10.2' may not be desirable in your case, but I can't imagine why 10.10.10.2 would try to connect to 10.10.10.100 when it was trying to access a service that it was hosting):

DNAT loc:!10.10.10.2 loc:10.10.10.2 tcp 5900

In your masq file, add the following:

eth0 eth0 10.10.10.100

That should do it.

--Russel Riley
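A small model of the hairpin NAT the reply above sets up, added here as an illustration (it is not Shorewall code and not from the thread): the DNAT rule rewrites the destination, the masq entry rewrites the source so the server's reply comes back through the firewall, and 'routeback' lets the packet leave by the interface it arrived on. The firewall, server and port are the thread's values; the client address 10.10.10.50 and the "masq matches any 10.10.10.x source" simplification are assumptions.

```python
from dataclasses import dataclass, replace
from typing import Optional

FW_IP, SERVER_IP, PORT = "10.10.10.100", "10.10.10.2", 5900
CLIENT_IP = "10.10.10.50"  # constructed LAN client address, not from the thread


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def dnat(pkt: Packet) -> Packet:
    """Rule 'DNAT loc:!10.10.10.2 loc:10.10.10.2 tcp 5900': rewrite the
    destination of LAN traffic aimed at the firewall's own address on TCP/5900,
    except traffic coming from the server itself."""
    if pkt.dst == FW_IP and pkt.dport == PORT and pkt.src != SERVER_IP:
        return replace(pkt, dst=SERVER_IP)
    return pkt


def masq(pkt: Packet) -> Packet:
    """masq entry 'eth0 eth0 10.10.10.100': traffic from the eth0 network that
    leaves via eth0 gets its source rewritten to the firewall's address
    (simplified here to 'any 10.10.10.x source')."""
    if pkt.src.startswith("10.10.10.") and pkt.src != FW_IP:
        return replace(pkt, src=FW_IP)
    return pkt


def forward(pkt: Packet, routeback: bool, use_masq: bool) -> Optional[Packet]:
    """Packet arriving on eth0; returns what leaves on eth0, or None if dropped."""
    pkt = dnat(pkt)  # nat PREROUTING
    # Routing sends the packet back out eth0 (same segment). Without the
    # 'routeback' option that hairpin is refused, so nothing is forwarded.
    if not routeback:
        return None
    return masq(pkt) if use_masq else pkt  # nat POSTROUTING


def reply_is_symmetric(routeback: bool, use_masq: bool) -> Optional[bool]:
    """True if the server answers to the firewall (reply is un-NATed and the
    client sees 10.10.10.100), False if it answers the client directly (the
    client gets a reply from 10.10.10.2 it never contacted), None if dropped."""
    seen = forward(Packet(CLIENT_IP, 40000, FW_IP, PORT), routeback, use_masq)
    return None if seen is None else seen.src == FW_IP
```

Run reply_is_symmetric with each combination to see why the reply asks for all three changes: without routeback nothing is forwarded, and with DNAT but no masq the server's answer bypasses the firewall.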
