[afnog] Port forwarding using shorewall problem (Yahaya Wara)

Richard Katalemwa rkatalemwa at gmail.com
Tue May 20 11:45:26 UTC 2008


Ideally the better solution for you would be to acquire more public addresses.
That way you will not be straining your firewall server in doing
supplementary routing.

But in your situation this should solve your problem.
In /etc/shorewall/rules do:
DNAT:info       net     loc:ip_address_of_server        tcp     80
DNAT:info       net     loc:your_public_address       tcp     80

You don't have to change your /etc/shorewall/masq settings.

Richard.




>Message: 2
>Date: Tue, 29 Apr 2008 02:15:24 -0700 (PDT)
>From: Yahaya Wara <mywarra at yahoo.com>
>Subject: [afnog] Port forwarding using shorewall problem
>To: Afnog <afnog at afnog.org>
>Message-ID: <765918.54742.qm at web65711.mail.ac4.yahoo.com>
>Content-Type: text/plain; charset=iso-8859-1
>
>Dear all,

>I installed shorewall firewall version 3.x on ubuntu
>linux 7.X. The firewall started and is running. One of my
>goals is to run internet servers on my local network
>with RFC-1918 private IP addresses. Because these
>computers have RFC-1918 addresses, it is not possible
>for clients on the internet to connect directly to
>them. I would want the clients on the internet to
>address their request to the firewall, which then forwards
>the request to the server. When my server responds,
>the firewall should automatically rewrite the source
>address in the response using its public routable
>IP (208.78.59.98).

>This is what I have in my /etc/shorewall/masq

>eth0        eth1
>eth0        eth1        208.78.99.98


>This is what I have in my /etc/shorewall/rules


>DNAT   net   loc:172.16.0.13  tcp  80 208.78.59.99

>I am stuck, any help?
>
>
>

> Yahaya Mohammed Wara B.Sc, CCIE-written CCNP, CCAI, CCNA
> Usmanu Danfodiyo University
> P.M.B 2346, Sokoto, Nigeria
> Mobile: 234-8039687494
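
Added example, not part of the original thread: a small Python check for DNAT lines in /etc/shorewall/rules, assuming the documented column order ACTION, SOURCE, DEST, PROTO, DEST PORT(S), SOURCE PORT(S), ORIGINAL DEST. The function names are hypothetical; the sample rule line and public address are the ones quoted in the message above.

```python
import ipaddress

# Assumed column order of /etc/shorewall/rules (per the Shorewall rules documentation).
COLUMNS = ["action", "source", "dest", "proto", "dport", "sport", "origdest"]

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_rule(line):
    """Split one rules line into named columns; '-' or a missing column becomes None."""
    fields = line.split("#", 1)[0].split()
    fields += ["-"] * (len(COLUMNS) - len(fields))
    return {name: (None if val == "-" else val) for name, val in zip(COLUMNS, fields)}

def lint_dnat(line, public_ip):
    """Return findings for one DNAT rule, given the firewall's public address."""
    rule = parse_rule(line)
    findings = []
    if not rule["action"] or rule["action"].split(":")[0] != "DNAT":
        return findings  # only DNAT (optionally DNAT:loglevel) rules are checked
    zone, _, target = (rule["dest"] or "").partition(":")
    host = target.split(":")[0]  # drop an optional :port suffix
    if not _is_ip(host):
        findings.append("DEST has no server address after the zone")
    elif not ipaddress.ip_address(host).is_private:
        findings.append("DEST %s is not a private address" % host)
    # An address in the sixth column means ORIGINAL DEST slid left by one field.
    if rule["sport"] and _is_ip(rule["sport"]):
        findings.append("address %s sits in SOURCE PORT(S); put '-' before it"
                        % rule["sport"])
    if rule["origdest"] and rule["origdest"] != public_ip:
        findings.append("ORIGINAL DEST %s differs from public address %s"
                        % (rule["origdest"], public_ip))
    return findings

if __name__ == "__main__":
    # Rule line and public address as quoted in the message above.
    for finding in lint_dnat("DNAT   net   loc:172.16.0.13  tcp  80 208.78.59.99",
                             "208.78.59.98"):
        print(finding)
```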