[Shorewall-newbies] A DMZ issue with private addresses
teastep at shorewall.net
Wed Jan 21 07:24:23 PST 2004
On Wednesday 21 January 2004 04:32 am, Matthew Pozzi wrote:
> Tom, I am sorry I did not explain myself fully, an idiot indeed. Dual
> homing the boxes is indeed a solution, but I do not want normal routed
> traffic coming from the net to this DMZ through a second router, only
> portforwarded traffic.
> I fully appreciate that routing cannot be done to a DMZ that hangs off
> another box, nor would I try, maybe I am not quite the idiot I make myself
> out to be?
> I am doing this since the data path via the DSL service will be a lot cheaper
> compared to a per byte charged ISDN service.
> I am trying to do this using:
> Shorewall 1.4.9, iptables 1.2.8, kernel 2.4.20 (Bering 1.2)
> and my rule is this:
> DNAT net dmz:a.b.c.d:80 tcp 54321
> But to no avail, although I also have another DNAT service that is working,
> without any port translation though.
> DNAT net loc:192.168.45.22 tcp 1723
> DNAT net loc:192.168.45.22 47 -
> DNAT net loc:192.168.45.22 tcp 1701
> for a M$ PPTP VPN server sitting behind. I cannot think why this first DNAT
> won't work while the second/third/fourth do. Can you still see a problem?
Does the default route on a.b.c.d go through the Bering box?
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
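An added illustration, not part of the thread, of why the default-route question matters for a port-translating DNAT such as "DNAT net dmz:a.b.c.d:80 tcp 54321": a small Python model of stateful NAT in which the reply is only un-NATed (source rewritten back to firewall:54321) if the DMZ host's reply actually passes back through the firewall. All addresses are constructed RFC 5737 placeholders, not values from the thread.

```python
# Added example (not from the original thread). Models a firewall that DNATs
# inbound port 54321 to a DMZ host's port 80 and un-NATs replies it sees.
FW_EXT = "203.0.113.1"    # firewall's public address (constructed)
DMZ_HOST = "192.0.2.10"   # stands in for a.b.c.d (constructed)
CLIENT = "198.51.100.7"   # Internet client (constructed)


class Firewall:
    """Stateful NAT box: rewrites the destination on the way in and restores
    the original destination as the source on matching replies it forwards."""

    def __init__(self, dnat_rules):
        self.dnat_rules = dnat_rules   # dport -> (new_ip, new_port)
        self.conntrack = {}            # reply 4-tuple -> original (ip, port)

    def inbound(self, pkt):
        target = self.dnat_rules.get(pkt["dport"])
        if target is None:
            return pkt
        new = dict(pkt, dst=target[0], dport=target[1])
        # Record how the matching reply must be un-NATed.
        key = (new["dst"], new["dport"], new["src"], new["sport"])
        self.conntrack[key] = (pkt["dst"], pkt["dport"])
        return new

    def outbound(self, pkt):
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        orig = self.conntrack.get(key)
        if orig is None:
            return pkt
        return dict(pkt, src=orig[0], sport=orig[1])


def simulate(dmz_default_route_via_fw):
    """Return True if the client sees a reply from the address:port it sent to."""
    fw = Firewall({54321: (DMZ_HOST, 80)})
    req = {"src": CLIENT, "sport": 40000, "dst": FW_EXT, "dport": 54321}
    at_host = fw.inbound(req)
    reply = {"src": at_host["dst"], "sport": at_host["dport"],
             "dst": at_host["src"], "dport": at_host["sport"]}
    if dmz_default_route_via_fw:
        reply = fw.outbound(reply)   # reply goes back through the NAT box
    # Otherwise the reply leaves via another router with src 192.0.2.10:80,
    # which the client never sent to, so the connection never completes.
    return reply["src"] == FW_EXT and reply["sport"] == 54321


if __name__ == "__main__":
    print("via firewall:", simulate(True), "| other router:", simulate(False))
```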