[Shorewall-users] VMware and apache

Rickard Eriksson riceri at home.se
Wed Jul 16 13:22:58 PDT 2003


Your right it is a litel typo there...

but in the rule i have is:
DNAT     net     loc:192.168.0.3     tcp     8080
I changed it to:
DNAT     net     loc:192.168.0.3:80     tcp     8080

I have checked with tcpdump and i found that now i can't see the 
connections any more...

I use more DNAT rules and they works. One of them look like this:
DNAT          net       loc:192.168.0.2 tcp  1612

I give up. It is only my devel computer that runs under VMware so there 
is no realy need
to let others connect to it but it would be fun to show what i have done 
sometimes.

Thanks for the help!


Rodolfo J. Paiz wrote:

> At 7/16/2003 00:28 +0200, you wrote:
>
>> Rodolfo J. Paiz wrote:
>>
>>> At 7/16/2003 00:02 +0200, you wrote:
>>>
>>>> The rule i use looks like this:
>>>> DNAT   net   loc:192.168.0.3   tcp   80
>>>
>>>
>>>
>>> If the network in VMware is bridged, the guest computer will act 
>>> just like any other computer on the same network. So, if you can 
>>> reach Apache at 192.168.0.3 from another computer on the same 
>>> network, you should also be able to reach it by outside.
>>>
>>> Can the VMware computer connect to the outside world? Can it browse 
>>> web pages, ping other computers, etc?
>>>
>>> Also, are you sure that DNAT rule is correct, and that it is the 
>>> only Shorewall rule you need?
>>>
>> Yes, i can ping it and so on, it works perfect in the local network, 
>> thats why i don't know what can be wrong.
>> There shall only be one rule or?
>
>
> Have you used DNAT before? Are you 100% sure that your rule is 
> correct? Are you 100% sure that this DNAT rule is the only one you need?
>
> You originally said that you were trying to take external connections 
> to port 8080 and forward them to the .1.3 IP address on port 80. As 
> far as I can see, the DNAT rule you've written takes external 
> connections to port 80 and forwards them to the internal system on 
> port 80. Not the same thing.
>
> How about:
>
> DNAT     net     loc:192.168.0.3:80     tcp     8080
>
> Disclaimer: I have never used DNAT before, but this is how I interpret 
> the documentation and comments inside the /etc/shorewall/rules file. 
> At least it's different from yours, and it seems to make good sense to 
> me. <grin>
>
>





More information about the Shorewall-users mailing list