David Rothera wrote:
> Hi,
>
> I am trying to make connections that go to the firewall (10.10.10.100
> internal) on port TCP/5900 be redirected to an internal host
> (10.10.10.2) but cannot get it to work, the firewall starts ok and
> shows no errors when starting up and there are no log entries in the
> syslog to suggest that the packets are being dropped, could you please
> advise? I have attached a copy of the 'shorewall dump' command.

First of all, I would not call your configuration a 'firewall'; it is a 'one-armed router' (see http://www.shorewall.net/Multiple_Zones.html#OneArmed).

Second, you have not set it up correctly as a one-armed router; in that configuration, the 'loc' zone must be defined as a sub-zone of the 'net' zone (or at least 'loc' must be defined before 'net' in /etc/shorewall/zones).

Third, your original question is Shorewall FAQ 2. In addition to setting 'routeback' on eth0 in /etc/shorewall/interfaces as suggested by Russel, you need a rule in /etc/shorewall/masq. See http://www.shorewall.net/FAQ.htm#faq2 for details.

Fourth, I recommend that you migrate to using Shorewall-perl at the first opportunity. It starts/restarts much faster, it catches many more problems at compile time, it has more features and it will totally replace Shorewall-shell in Shorewall 4.4.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
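
The three configuration points in the reply above (zone order, 'routeback' on eth0, a masq rule on eth0) can be checked mechanically. The following is an added example, not part of the original message and not Shorewall code; the sample file contents are constructed, and the masq line is an assumed rule laid out like the one in FAQ 2.

```python
# Added example, not Shorewall code. Sample file contents are constructed;
# the masq line is an assumed rule modelled on FAQ 2, so check it against the FAQ.
BROKEN = {
    "zones": "fw firewall\nnet ipv4\nloc ipv4\n",
    "interfaces": "net eth0 detect dhcp\n",
    "masq": "",
}
FIXED = {
    "zones": "fw firewall\nloc ipv4\nnet ipv4\n",
    "interfaces": "net eth0 detect dhcp,routeback\n",
    "masq": "eth0:10.10.10.2 eth0 10.10.10.100 tcp 5900\n",
}

def rows(text):
    """Split config text into column lists, ignoring comments and blank lines."""
    split = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [cols for cols in split if cols]

def check_one_armed(cfg, iface="eth0", inner="loc", outer="net"):
    """Return the points from the reply that cfg fails; [] means all pass."""
    problems = []
    order, sub_zone = [], False
    for cols in rows(cfg["zones"]):
        # A zone name may be written child:parent[,parent...]
        name, _, parents = cols[0].partition(":")
        order.append(name)
        if name == inner and outer in parents.split(","):
            sub_zone = True
    if inner not in order or outer not in order:
        problems.append("zones: loc or net is not defined")
    elif not sub_zone and order.index(inner) > order.index(outer):
        problems.append("zones: loc is defined after net and is not a sub-zone")
    # interfaces columns: ZONE INTERFACE BROADCAST OPTIONS
    if not any(len(c) > 3 and c[1] == iface and "routeback" in c[3].split(",")
               for c in rows(cfg["interfaces"])):
        problems.append("interfaces: routeback is not set on " + iface)
    # masq column 1 is INTERFACE[:destination]
    if not any(c[0].split(":")[0] == iface for c in rows(cfg["masq"])):
        problems.append("masq: no rule for traffic leaving " + iface)
    return problems

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_one_armed(cfg) or "ok")
```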
