[Shorewall-newbies] DNAT problems
teastep at shorewall.net
Tue Feb 10 13:59:57 PST 2004
On Tuesday 10 February 2004 01:50 pm, Tom Eastep wrote:
> On Tuesday 10 February 2004 01:44 pm, Dan Harding wrote:
> > I read FAQ 2 again. The "best" solution involving Bind Version 9
> > "views" is beyond my understanding (at least at this point, I can
> > learn...).
> > It mentioned some cautions, so I'm not sure how to proceed.
> > We are seeing FORWARD:REJECT messages in the log files, so I think you
> > are correct in your assumption that we are not experiencing the "usual"
> > problem.
> > If I updated www.techteam.org to 1.4.10a of Shorewall, could you tell me
> > how I should configure Shorewall to accomplish the VNC?
> > I can handle merging the existing rules for ACCEPT into whatever sample
> > files you have to accomplish VNC.
> If you upgrade to 1.4.10a then assuming that you just have a single zone
> DNAT net net:<VNC IP address> tcp 5500 - <local ip address>:<local ip
> Where <local ip address> is the IP address of the Shorewall box itself and
> <VNC IP address> is the IP address of the box where 'vncviewer' is running
> in listen mode.
> net eth0 detect routeback,...
And when this solution is implemented, all VNC server connections to the <VNC
IP address> will look to that system as if they originated on the Shorewall
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net