[Shorewall-users] Tricky routing

Tom Eastep teastep at shorewall.net
Thu Dec 18 08:04:55 PST 2003

On Thursday 18 December 2003 08:01 am, Dag Nygren wrote:
> Hi,
> I have a small problem that I am sure some have seen before.
> Scenario:
> - DMZ with WEB-server and DNAT:ed external adresses
> - Local net where users want/have to access the WEB-server with the
> EXTERNAL address
> The firewall doesn't seem to like the situation as it will drop the
> packages that should go as far as the external interface, then be rerouted
> to the DMZ.
> Any hints?

Add DNAT rules for loc->dmz where the ORIGINAL DEST column contains the 
external address.

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-users mailing list