[Shorewall-newbies] DNAT problems

Tom Eastep teastep at shorewall.net
Tue Feb 10 13:59:57 PST 2004


On Tuesday 10 February 2004 01:50 pm, Tom Eastep wrote:
> On Tuesday 10 February 2004 01:44 pm, Dan Harding wrote:
> > I read FAQ 2 again.  The "best" solution involving Bind Version 9
> > "views" is beyond my understanding (at least at this point, I can
> > learn...).
> >
> > It mentioned some cautions, so I'm not sure how to proceed.
> >
> > We are seeing FORWARD:REJECT messages in the log files, so I think you
> > are correct in your assumption that we are not experiencing the "usual"
> > problem.
> >
> > If I updated www.techteam.org to 1.4.10a of Shorewall, could you tell me
> > how I should configure Shorewall to accomplish the VNC?
> >
> > I can handle merging the existing rules for ACCEPT into whatever sample
> > files you have to accomplish VNC.
>
> If you upgrade to 1.4.10a then assuming that you just have a single zone
> (net):
>
> /etc/shorewall/rules
>
> DNAT	net	net:<VNC IP address>	tcp	5500	-	<local ip address>:<local ip address>
>
> Where <local ip address> is the IP address of the Shorewall box itself and
> <VNC IP address> is the IP address of the box where 'vncviewer' is running
> in listen mode.
>
> /etc/shorewall/interfaces
>
> net	eth0	detect	routeback,...
>

And when this solution is implemented, all VNC server connections to the
<VNC IP address> will look to that system as if they originated on the
Shorewall system.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
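The rule above is a hairpin DNAT (source and destination zone are both `net`), which is why the `net` interface needs the `routeback` option. The following is an added example, not code from the thread or from the Shorewall project: a small lint that reads Shorewall 1.4-style `rules` and `interfaces` tables and reports zones that carry a hairpin DNAT rule but lack `routeback`. The file contents and addresses (192.0.2.10, 203.0.113.1) are constructed placeholders for the values the thread leaves unspecified.

```python
# Constructed sample of /etc/shorewall/rules
# (columns: ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT ORIGINAL-DEST).
# Addresses are placeholders standing in for <VNC IP address> and <local ip address>.
SAMPLE_RULES = """\
# ACTION SOURCE DEST            PROTO DPORT SPORT ORIGINAL_DEST
DNAT     net    net:192.0.2.10  tcp   5500  -     203.0.113.1:203.0.113.1
ACCEPT   net    fw              tcp   22
"""

# Constructed sample of /etc/shorewall/interfaces (ZONE INTERFACE BROADCAST OPTIONS).
SAMPLE_INTERFACES = """\
net  eth0  detect  routeback,tcpflags
loc  eth1  detect
"""


def parse_table(text):
    """Split a whitespace-separated Shorewall table into rows, dropping comments."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows


def zone_of(column):
    """Strip any ':address' qualifier from a SOURCE/DEST column, leaving the zone."""
    return column.split(":", 1)[0]


def hairpin_dnat_rules(rules_text):
    """Return DNAT rules whose SOURCE zone equals their DEST zone."""
    return [r for r in parse_table(rules_text)
            if r[0] == "DNAT" and len(r) >= 3 and zone_of(r[1]) == zone_of(r[2])]


def zones_missing_routeback(rules_text, interfaces_text):
    """Zones used by hairpin DNAT rules where some interface lacks 'routeback'."""
    has_routeback = {}
    for row in parse_table(interfaces_text):
        options = row[3].split(",") if len(row) > 3 else []
        has_routeback.setdefault(row[0], []).append("routeback" in options)
    missing = set()
    for rule in hairpin_dnat_rules(rules_text):
        zone = zone_of(rule[1])
        if not has_routeback.get(zone) or not all(has_routeback[zone]):
            missing.add(zone)
    return sorted(missing)
```

Run `zones_missing_routeback` over your own two files after editing them; an empty list means every hairpin DNAT zone has `routeback` on all of its interfaces.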
