shorewall and ip-forwarding

Discussion in 'Linux Networking' started by no#4me, Mar 9, 2005.

  1. no#4me

    no#4me Guest

    I want to set up ip-forwarding on my shorewall-firewall but it doesn't work.
    I want to redirect all smtp/http traffic to my internal mailserver
    (192.168.1.1).
    I have several public IP addresses:

    1.2.3.4 external interface shorewall
    1.2.3.5 I want to use this for ip-forwarding.

    The internal interface of the firewall is 192.168.1.2

    Rule-file:
    ACTION: DNAT
    SOURCE: net
    DEST: loc:192.168.1.1
    PROTO: tcp
    DEST PORT: 25,80
    SOURCE PORT : -
    ORIGINAL DEST : 1.2.3.5

    Nat-file
    EXTERNAL: 1.2.3.5
    INTERFACE: eth0 (external interface shorewall)
    INTERNAL: 192.168.1.

    Shorewall.conf -file
    ADD_IP_ALIASES=Yes

    Shorewall version: 2.2
    Distribution: Suse 9.2

    Any hint will be appreciated
    Thanks in advance

    Carlo
     
    no#4me, Mar 9, 2005
    #1

  2. no#4me

    sneaky56 Guest

    I have the following in rules for a transparent squid. Try to adapt it
    to your needs.

    REDIRECT loc 3128 tcp www - !192.168.56.3


    tom
     
    sneaky56, Mar 9, 2005
    #2

  3. no#4me

    Mark Guest

    I've had a similar arrangement in the past and it worked for me:

    ##############################################################################
    #ACTION  SOURCE  DEST             PROTO  DEST  SOURCE   ORIGINAL
    #                                        PORT  PORT(S)  DEST
    ##############################################################################
    DNAT     net     loc:192.168.1.1  tcp    smtp  -        1.2.3.5

    Interesting, I'm not doing anything with the shorewall/nat file. Perhaps
    this is causing your grief. Not sure, but if you're using the
    shorewall/nat file, then don't you need a corresponding ACCEPT rule in the
    shorewall/rules file?

    Mark
     
    Mark, Mar 11, 2005
    #3
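
The question raised in the last post, whether a shorewall/nat entry and the shorewall/rules entries fit together, can be checked mechanically. The following is an added example, not code from any poster or from the Shorewall project: a Python script that reads rules and nat file contents and reports a public address claimed by both a DNAT rule and a nat entry, and nat entries with no ACCEPT rule for their internal host. The addresses are constructed sample values, and treating either condition as worth reviewing is an assumption taken from the thread.

```python
# Added example: cross-check Shorewall 'rules' and 'nat' file contents.
# Column order follows the file headers quoted in the thread.
RULE_COLS = ["action", "source", "dest", "proto", "dport", "sport", "origdest"]
NAT_COLS = ["external", "interface", "internal"]

def parse(text, cols):
    """Split whitespace-separated config lines into dicts, skipping comments."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        fields += ["-"] * (len(cols) - len(fields))  # omitted trailing columns
        rows.append(dict(zip(cols, fields)))
    return rows

def dest_host(dest):
    """'loc:10.0.0.10' or 'loc:10.0.0.10:8080' -> '10.0.0.10'; bare zone -> None."""
    _zone, _, host = dest.partition(":")
    return host.split(":")[0] if host else None

def check(rules_text, nat_text):
    """Return (finding, address) tuples for each nat entry that needs review."""
    rules = parse(rules_text, RULE_COLS)
    findings = []
    for n in parse(nat_text, NAT_COLS):
        # Same public address translated by a DNAT rule and by a nat entry.
        if any(r["action"] == "DNAT" and r["origdest"] == n["external"] for r in rules):
            findings.append(("overlap", n["external"]))
        # nat entry whose internal host has no ACCEPT rule in the rules file.
        if not any(r["action"] == "ACCEPT" and dest_host(r["dest"]) == n["internal"]
                   for r in rules):
            findings.append(("no-accept", n["internal"]))
    return findings

# Constructed sample input (documentation addresses, not the poster's values).
SAMPLE_RULES = """
#ACTION  SOURCE  DEST           PROTO  DEST PORT  SOURCE PORT  ORIGINAL DEST
DNAT     net     loc:10.0.0.10  tcp    25,80      -            203.0.113.5
ACCEPT   net     loc:10.0.0.20  tcp    443
"""
SAMPLE_NAT = """
#EXTERNAL    INTERFACE  INTERNAL
203.0.113.5  eth0       10.0.0.10
203.0.113.6  eth0       10.0.0.20
"""

if __name__ == "__main__":
    for kind, addr in check(SAMPLE_RULES, SAMPLE_NAT):
        print(kind, addr)
```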