[Shorewall-users] Server publishing with DNAT (part 2)?

Tom Eastep teastep at shorewall.net
Thu, 24 Oct 2002 12:57:57 -0700

Kreshimir Shantek wrote:
>>>Won't work... I have Shorewall version 1.3.5, initially, init file wasn't
>>I don't know what you're trying to say -- the 'start' file wasn't there 
>>either before you created it!!! Same goes for the 'init' file - YOU have 
>>to create it.
> sorry, it seams I thoght that start file was initaly there...
> .. btw. why don't you include and empty start and init files in instalation
> with comment what are they for (like policy, rules and other stuff)?

I'm just lazy I guess.

>>>I have a route for 192.168.101.x segment:
>>> dev eth4 scope link
>>>I think that's ok.
>>Yes -- assuming that the default gateway on is configured to 
> Yes, you were right - the default gateway on WASN'T
> After I set it to, the thing works!
> But, why is that? The eth4 and are on same subnet... why
> the gateway on must be Is there any other
> way to make thing working?
> What if I want to publish server that is not on the same segment with eth4?
> (i.e, I have: eth4<->router<->the_server_I_want_to_publish).

I suggest that you pick up a copy of a good basic text on addressing and 
routing and read it. My personal favorite is "IP Fundamentals  - What 
Everyone Needs to Know About Addressing & Routing", Thomas A. Maufer, 
Prentice Hall, 1999, IBSN 0-13-975483-0.

If you are going to administer a network, you need a basic understanding 
of how routing and addressing works.

Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net