[Shorewall-newbies] DNAT problems

Tom Eastep teastep at shorewall.net
Tue Feb 10 13:50:22 PST 2004


On Tuesday 10 February 2004 01:44 pm, Dan Harding wrote:
> I read FAQ 2 again.  The "best" solution involving Bind Version 9
> "views" is beyond my understanding (at least at this point, I can
> learn...).
>
> It mentioned some cautions, so I'm not sure how to proceed.
>
> We are seeing FORWARD:REJECT messages in the log files, so I think you
> are correct in your assumption that we are not experiencing the "usual"
> problem.
>
> If I updated www.techteam.org to 1.4.10a of Shorewall, could you tell me
> how I should configure Shorewall to accomplish the VNC?
>
> I can handle merging the existing rules for ACCEPT into whatever sample
> files you have to accomplish VNC.
>

If you upgrade to 1.4.10a then assuming that you just have a single zone 
(net):

/etc/shorewall/rules	

DNAT	net	net:<VNC IP address>	tcp	5500	-	<local ip address>:<local ip address>

Where <local ip address> is the IP address of the Shorewall box itself and 
<VNC IP address> is the IP address of the box where 'vncviewer' is running in 
listen mode.	

/etc/shorewall/interfaces

net	eth0	detect	routeback,...

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
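
Added example (not part of Tom's message and not Shorewall's own code): a small Python lint for the pairing shown above, where a DNAT rule whose source and destination zone are both "net" is accompanied by "routeback" on that zone's interface. The file contents and addresses are constructed samples, and the function names are hypothetical.

```python
# Constructed sample files; 192.0.2.x and 10.0.0.x are placeholder addresses.
RULES = """\
# same column order as the rule in the message
DNAT net net:192.0.2.20 tcp 5500 - 192.0.2.1:192.0.2.1
DNAT net loc:10.0.0.30 tcp 80
"""
INTERFACES_OK = "net eth0 detect routeback\nloc eth1 detect\n"
INTERFACES_MISSING = "net eth0 detect dhcp\nloc eth1 detect\n"


def parse_columns(text):
    """Yield the whitespace-separated columns of each non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()


def routeback_zones(interfaces_text):
    """Map zone -> True only if every interface of that zone lists routeback."""
    zones = {}
    for cols in parse_columns(interfaces_text):
        options = cols[3].split(",") if len(cols) > 3 else []
        zones[cols[0]] = zones.get(cols[0], True) and "routeback" in options
    return zones


def hairpin_dnat_without_routeback(rules_text, interfaces_text):
    """Return DNAT rules that stay inside one zone whose interface lacks routeback."""
    zones = routeback_zones(interfaces_text)
    problems = []
    for cols in parse_columns(rules_text):
        if len(cols) < 3 or not cols[0].startswith("DNAT"):
            continue
        src_zone = cols[1].split(":", 1)[0]
        dst_zone = cols[2].split(":", 1)[0]
        if src_zone == dst_zone and not zones.get(src_zone, False):
            problems.append(" ".join(cols))
    return problems


if __name__ == "__main__":
    for name, text in (("ok", INTERFACES_OK), ("missing", INTERFACES_MISSING)):
        print(name, hairpin_dnat_without_routeback(RULES, text))
```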



