[Shorewall-users] Accessing public interface(dmz) from the inside

David Corbin dcorbin at machturtle.com
Sun Oct 5 12:51:07 PDT 2003


Because it is dynamic, I went and looked at the FAQ.  I've opted for the DNS 
(/etc/hosts) solution.  (I'd actually tried this, but it didn't work 
because I'd made a typo in the IP address.)

But, as I understand it, the dynamic solution won't work well *anyway*, 
because my IP frequently (well, occasionally) changes out from under me.  I 
suppose I could monitor it (actually, it is monitored, after a fashion) and 
restart shorewall, but all I have to say to that is "ugh".  Isn't there a 
solution that would let the mapping be solely based on interface, and not IP?

David

On Sunday 05 October 2003 11:13, Tom Eastep wrote:
> On Sun, 2003-10-05 at 07:16, David Corbin wrote:
> > I can access it using http://public.machturtle.com from systems on the
> > local network.  However, I cannot access it using
> > "http://net.machturtle.com:8080/" from the local network.  It times out. 
> > This is the problem I want to solve.
> >
> > I tried adding:
> >
> > DNAT   loc    dmz:192.168.3.151 tcp 8080
> >
> > That did allow me to access it, but when I did that, ANY request on
> > 8080 to any server from local was sent to the DMZ, even if it was to a
> > host on the "outside".
> >
> > Ideas?
>
> DNAT loc dmz:192.168.3.151 tcp	8080 - <ip of external if>
>
> See the FAQs if your external interface has a dynamic IP address.
>
> -Tom

-- 
David Corbin <dcorbin at machturtle.com>


