[Shorewall-users] Accessing public interface(dmz) from the inside
dcorbin at machturtle.com
Sun Oct 5 12:51:07 PDT 2003
Because it is dynamic, I went and looked at the FAQ. I've opted for the DNS
solution (/etc/hosts) solution. (I'd actually tried this, but it didn't work
because I'd made a type in the IP address.)
But, as I understand it, the dynamic solution won't work well *anyway*,
because my IP frequently (well occaisionally) changes out from under me. I
suppose I could monitor it (actually, it is monitored, after a fashion) and
restart shorewall, but all I have to say to that is "ugh". Isn't there a
solution that would let the mapping be solely based on interface, and not IP?
On Sunday 05 October 2003 11:13, Tom Eastep wrote:
> On Sun, 2003-10-05 at 07:16, David Corbin wrote:
> > I can access it using http://public.machturtle.com from systems on the
> > local network. However, I cannot access it using
> > "http://net.machturtle.com:8080/" from the local network. It times out.
> > This is the problem I want to solve.
> > I tried adding:
> > DNAT loc dmz:192.168.3.151 tcp 8080
> > That did allow me to access it, but when I did that the ANY request on
> > 8080 to any server from local was sent to the DMZ, even if it was to a
> > host on the "outside".
> > Ideas?
> DNAT loc dmz:192.168.3.151 tcp 8080 - <ip of external if>
> See the FAQs if your external interface has a dynamic IP address.
David Corbin <dcorbin at machturtle.com>
More information about the Shorewall-users