
Thread: help with shorewall problems




help with shorewall problems
user name
2006-04-14 18:25:33
Hi,

Ricardo Kleemann wrote:

> Hi,
>
> I'm running shorewall 2.4.7 and I'm having trouble getting it to work
> properly. I've been working with an older version of shorewall on
> another leaf box for a couple of years now, without any problems.
>
> I have this in /etc/shorewall/nat
>
> aa.bb.cc.dd    eth0            192.168.111.247     no     no
>
> and in /etc/shorewall/rules I have (the AllowWeb entries are just to
> make sure port 80 is totally open, I wasn't sure since I was having
> problems):
>
> AllowWeb    loc         fw
> AllowWeb        net     fw
> AllowWeb        net     loc
> AllowWeb        fw      loc
> DNAT   net     loc:192.168.111.247     tcp     80     -      aa.bb.cc.dd

For a simple forward like this, I think you do not need to have any
entry in the /etc/shorewall/nat file and in your /etc/shorewall/rules
file you can simply use:

DNAT   net     loc:192.168.111.247     tcp     80

which would forward all traffic from the Internet to your web server on
port 80.

I am assuming that you only have 1 external IP address of course.  If
you only have 1 external IP, you do not really need to specify that IP
address.


HTH,
Andrew



leaf-user mailing list: leaf-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

help with shorewall problems
user name
2006-04-14 20:03:00
On Friday 14 April 2006 11:25, Andrew Heagle wrote:

>
> For a simple forward like this, I think you do not need to have any
> entry in the /etc/shorewall/nat file and in your /etc/shorewall/rules
> file you can simply use:
>

This problem has been solved -- turns out that the server the connection was
being forwarded to had two default gateways and needed some advanced routing
setup to make it work correctly.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastepshorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

help with shorewall problems
user name
2006-04-15 20:12:50

Tom Eastep wrote:

> On Friday 14 April 2006 11:25, Andrew Heagle wrote:
>
>> For a simple forward like this, I think you do not need to have
>> any entry in the /etc/shorewall/nat file and in your
>> /etc/shorewall/rules file you can simply use:
>>
>
> This problem has been solved -- turns out that the server the
> connection was being forwarded to had two default gateways and
> needed some advanced routing setup to make it work correctly.
>
> -Tom

Just out of curiosity, was the problem he had similar to the one you
described here?

http://shorewall.net/MultiISP.html


Andrew