[Shorewall-users] Server publishing with DNAT (part 2)?

Tom Eastep teastep at shorewall.net
Thu, 24 Oct 2002 12:57:57 -0700


Kreshimir Shantek wrote:
>>>Won't work... I have Shorewall version 1.3.5, initially, init file wasn't
>>
>>I don't know what you're trying to say -- the 'start' file wasn't there 
>>either before you created it!!! Same goes for the 'init' file - YOU have 
>>to create it.
> 
> 
> sorry, it seams I thoght that start file was initaly there...
> .. btw. why don't you include and empty start and init files in instalation
> with comment what are they for (like policy, rules and other stuff)?

I'm just lazy I guess.

> 
> 
>>>I have a route for 192.168.101.x segment:
>>>
>>>192.168.101.0/24 dev eth4 scope link
>>>
>>>I think that's ok.
>>
>>Yes -- assuming that the default gateway on 192.168.101.5 is configured to 
>>be 192.168.101.2.
> 
> 
> Yes, you were right - the default gateway on 192.168.101.5 WASN'T 192.168.101.2.
> After I set it to 192.168.101.2, the thing works!
> 
> But, why is that? The eth4 and 192.168.101.5 are on same subnet... why
> the gateway on 192.168.101.5 must be 192.168.101.2? Is there any other
> way to make thing working?
> 
> What if I want to publish server that is not on the same segment with eth4?
> (i.e, I have: eth4<->router<->the_server_I_want_to_publish).
> 

I suggest that you pick up a copy of a good basic text on addressing and 
routing and read it. My personal favorite is "IP Fundamentals  - What 
Everyone Needs to Know About Addressing & Routing", Thomas A. Maufer, 
Prentice Hall, 1999, IBSN 0-13-975483-0.

If you are going to administer a network, you need a basic understanding 
of how routing and addressing works.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net