[Shorewall-users] port forward from local net to local machine

eric.taillon@mks.net eric.taillon@mks.net
Fri, 26 Apr 2002 12:07:07 -0400


I found how to do but the only problem is that all connection seems to come
from the firewall itself.
In our setup, we don't care about the ip of the source because  we are
using user/password authentification.

It's not exactly like FAQ #2 but this one gave me a hint... Thanks Tom!

Here is what I did to make it work:

local network: 192.168.0.0/24
IP of proxy:   192.168.0.2
IP of firewall:     192.168.0.1

ACCEPT  loc:!192.168.0.2  loc:192.168.0.2:8002  tcp  http  -
all:192.168.0.1


Thanks!



                                                                                                                                 
                                                                                                                                 
                                                       To:     "eric.taillon@mks.net" <eric.taillon@mks.net>                     
                                                       cc:     Shorewall Users <shorewall-users@shorewall.net>                   
                                                       Subject:     Re: [Shorewall-users] port forward from local net to local   
                                                       machine                                                                   
                                                                                                                                 
                     From:Tom Eastep                                                                                             
                 <teastep@shorewall.net>                                                                                         
                      @shorewall.net                                                                                             
                                                                                                                                 
                on 26/04/2002 07:32 AM MST                                                                                       
                                                                                                                                 
                                                                                                                                 




On Fri, 26 Apr 2002, eric.taillon@mks.net wrote:

>
> Hum!!!
>
> This mean that on the proxy side all connection will look like they were
> coming from the firewall?
> I think the software is using a user/password  identification model so
it's
> probably not important.
>
> Actually I have not tested this part.
> I'm just testing if the port redirection is working doing a telnet to
port
> 80.
> I'm supposed to get html headers and actually the telnet doesn't even
> connect.
>
> Any idea?
>

Sure -- this is the problem described in FAQ #2. I'm just wondering if the
same solution works for proxies.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

_______________________________________________
Shorewall-users mailing list
Shorewall-users@shorewall.net
http://www.shorewall.net/mailman/listinfo/shorewall-users