On 2/26/11 3:56 AM, Paolo Andretta wrote:
> On Fri, 25 Feb 2011, Tom Eastep wrote:
>
>>> Ok, Changed in:
>>>
>>> vmbr0 192.168.109.0/24 1.2.3.109
>>> vmbr0 192.168.110.0/24 1.2.3.110
>>> vmbr0 192.168.108.0/24 1.2.3.108
>>>
>>> vmbr9 192.168.109.0/24 1.2.3.109 <<< NEW Attempt
>>
>> Should be:
>>
>> vmbr9:192.168.109.1 192.168.109.0/24 1.2.3.109
>
> That does not work.
>
> Instead it seems OK if I use:
>
> vmbr9:192.168.109.97 192.168.109.0/24 1.2.3.109
>
> Internal server's IP is 192.168.109.97 while 192.168.109.1 is the FW IP

If you look back through this email thread, you will find that you have
never given us these details; we have been trying to guess them based on
what you have told us.

>
>
>>> to /rules seems to solve the problem.
>>> But I reached this result by attempts, not following a logical path (in my
>>> mind that has limited understanding of [SD]NAT & c.)
>>> Is this conf correct?
>>> Can I extend to the other servers or am I solving a problem and generating
>>> many others?
>>
>> Yes -- you need one line per server in each file.
>
> At the moment I have tried only in FW where I have 1 server for every
> interface. Having more servers for interfaces (192.168.109.97,
> 192.168.109.101, 192.168.109.102, ...), is it simply a matter of having
>
> vmbr9:192.168.109.97 192.168.109.0/24 1.2.3.109
> vmbr9:192.168.109.101 192.168.109.0/24 1.2.3.101
> vmbr9:192.168.109.102 192.168.109.0/24 1.2.3.102
> . . .
>
> in the /masq file?
>
>
> And obviously the related:
>
> DNAT net dmz:192.168.109.97 tcp 20,21,80,443 - 1.2.3.109
> DNAT dmz dmz:192.168.109.97 tcp 20,21,80,443 - 1.2.3.109
>
> DNAT net dmz:192.168.109.101 tcp 20,21,80,443 - 1.2.3.101
> DNAT dmz dmz:192.168.109.101 tcp 20,21,80,443 - 1.2.3.101
>
> DNAT net dmz:192.168.109.102 tcp 20,21,80,443 - 1.2.3.102
> DNAT dmz dmz:192.168.109.102 tcp 20,21,80,443 - 1.2.3.102
>
> . . .
>
> in the /rules?

Yes.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
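
Added example, not part of the original thread and not Shorewall's own code: a small generator for the "one line per server in each file" pattern confirmed above, which also rejects the mistake hit earlier in the thread (putting the firewall's own address where the server's address belongs). The function name build_entries and its parameters are hypothetical; the interface, zone, subnet and addresses are the ones quoted in the thread.

```python
import ipaddress

# Constructed sample data: (internal server IP, public IP) pairs from the thread.
SERVERS = [
    ("192.168.109.97", "1.2.3.109"),
    ("192.168.109.101", "1.2.3.101"),
    ("192.168.109.102", "1.2.3.102"),
]


def build_entries(iface, zone, subnet, fw_ip, servers, ports="20,21,80,443"):
    """Return (masq_lines, rules_lines), one masq line and two DNAT lines per server."""
    net = ipaddress.ip_network(subnet)
    fw = ipaddress.ip_address(fw_ip)
    masq, rules = [], []
    seen_internal, seen_public = set(), set()
    for internal, public in servers:
        ip = ipaddress.ip_address(internal)
        ipaddress.ip_address(public)  # raises ValueError on a malformed address
        if ip not in net:
            raise ValueError(f"{internal} is not inside {subnet}")
        if ip == fw:
            # The failed attempt in the thread: the firewall IP is not a server.
            raise ValueError(f"{internal} is the firewall address, not a server")
        if internal in seen_internal or public in seen_public:
            raise ValueError(f"duplicate mapping for {internal} / {public}")
        seen_internal.add(internal)
        seen_public.add(public)
        # masq entry in the form that worked in the thread:
        #   INTERFACE:SERVER  SUBNET  PUBLIC-ADDRESS
        masq.append(f"{iface}:{internal} {subnet} {public}")
        # rules entries: one DNAT from the net zone, one from the server's own zone.
        for src in ("net", zone):
            rules.append(f"DNAT {src} {zone}:{internal} tcp {ports} - {public}")
    return masq, rules


if __name__ == "__main__":
    masq_lines, rules_lines = build_entries(
        "vmbr9", "dmz", "192.168.109.0/24", "192.168.109.1", SERVERS
    )
    print("# masq")
    print("\n".join(masq_lines))
    print("# rules")
    print("\n".join(rules_lines))
```
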