On 26/10/2021 11:48, Nicola Ferrari (#554252) wrote:
On 26/10/2021 10:43, Tuomo Soini wrote:
Because you likely have limited number of servers in dmz, you can give
your names proper internal addresses by setting their real (not public)
addresses in /etc/hosts on all servers so that packets won't go to
firewall.
Ok, I did it.
Simply it was missing a snat rule for the dmz to dmz chain:
SNAT(1.2.3.4) 10.0.0.0/24 eth2:10.0.0.1
Thanks to everybody
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
