[Shorewall-users] VMware and apache
riceri at home.se
Wed Jul 16 13:22:58 PDT 2003
Your right it is a litel typo there...
but in the rule i have is:
DNAT net loc:192.168.0.3 tcp 8080
I changed it to:
DNAT net loc:192.168.0.3:80 tcp 8080
I have checked with tcpdump and i found that now i can't see the
connections any more...
I use more DNAT rules and they works. One of them look like this:
DNAT net loc:192.168.0.2 tcp 1612
I give up. It is only my devel computer that runs under VMware so there
is no realy need
to let others connect to it but it would be fun to show what i have done
Thanks for the help!
Rodolfo J. Paiz wrote:
> At 7/16/2003 00:28 +0200, you wrote:
>> Rodolfo J. Paiz wrote:
>>> At 7/16/2003 00:02 +0200, you wrote:
>>>> The rule i use looks like this:
>>>> DNAT net loc:192.168.0.3 tcp 80
>>> If the network in VMware is bridged, the guest computer will act
>>> just like any other computer on the same network. So, if you can
>>> reach Apache at 192.168.0.3 from another computer on the same
>>> network, you should also be able to reach it by outside.
>>> Can the VMware computer connect to the outside world? Can it browse
>>> web pages, ping other computers, etc?
>>> Also, are you sure that DNAT rule is correct, and that it is the
>>> only Shorewall rule you need?
>> Yes, i can ping it and so on, it works perfect in the local network,
>> thats why i don't know what can be wrong.
>> There shall only be one rule or?
> Have you used DNAT before? Are you 100% sure that your rule is
> correct? Are you 100% sure that this DNAT rule is the only one you need?
> You originally said that you were trying to take external connections
> to port 8080 and forward them to the .1.3 IP address on port 80. As
> far as I can see, the DNAT rule you've written takes external
> connections to port 80 and forwards them to the internal system on
> port 80. Not the same thing.
> How about:
> DNAT net loc:192.168.0.3:80 tcp 8080
> Disclaimer: I have never used DNAT before, but this is how I interpret
> the documentation and comments inside the /etc/shorewall/rules file.
> At least it's different from yours, and it seems to make good sense to
> me. <grin>
More information about the Shorewall-users