[Shorewall-users] Server publishing with DNAT (part 2)?
teastep at shorewall.net
Thu, 24 Oct 2002 12:57:57 -0700
Kreshimir Shantek wrote:
>>>Won't work... I have Shorewall version 1.3.5, initially, init file wasn't
>>I don't know what you're trying to say -- the 'start' file wasn't there
>>either before you created it!!! Same goes for the 'init' file - YOU have
>>to create it.
> sorry, it seams I thoght that start file was initaly there...
> .. btw. why don't you include and empty start and init files in instalation
> with comment what are they for (like policy, rules and other stuff)?
I'm just lazy I guess.
>>>I have a route for 192.168.101.x segment:
>>>192.168.101.0/24 dev eth4 scope link
>>>I think that's ok.
>>Yes -- assuming that the default gateway on 192.168.101.5 is configured to
> Yes, you were right - the default gateway on 192.168.101.5 WASN'T 192.168.101.2.
> After I set it to 192.168.101.2, the thing works!
> But, why is that? The eth4 and 192.168.101.5 are on same subnet... why
> the gateway on 192.168.101.5 must be 192.168.101.2? Is there any other
> way to make thing working?
> What if I want to publish server that is not on the same segment with eth4?
> (i.e, I have: eth4<->router<->the_server_I_want_to_publish).
I suggest that you pick up a copy of a good basic text on addressing and
routing and read it. My personal favorite is "IP Fundamentals - What
Everyone Needs to Know About Addressing & Routing", Thomas A. Maufer,
Prentice Hall, 1999, IBSN 0-13-975483-0.
If you are going to administer a network, you need a basic understanding
of how routing and addressing works.
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ email@example.com