I'm running Shorewall 1.3.11 on a box with 3 NICs. One NIC is connected to our cable modem (WAN), one to our campus network (LAN) and a third one is our pseudo-DMZ (I say pseudo because the machines in that zone are really just there so they are accessible from the net [webservers] and can selectively use each connection).
I want to route all http traffic to use eth1 (the LAN), leaving the cable bandwidth open for more specialized things. I've tried setting up a variety of rules, but I can't seem to find the right one. I've been successful in mapping MS Terminal Services through to the right machines and ports, so I know I'm not completely ignorant.
Here are the current rules:
#result    client  server               proto  port   client_port  address
ACCEPT     fw      wan                  tcp    53     -
ACCEPT     fw      wan                  udp    53     -
ACCEPT     dmz     wan                  udp    53     -
REJECT     lan     wan                  udp    53     -
ACCEPT     lan     fw                   tcp    22     -
DNAT:info  lan     dmz:192.168.1.87:80  tcp    87     -
DNAT:info  wan     dmz:192.168.1.87:80  tcp    87     -
ACCEPT     lan     fw                   tcp    8443   -
ACCEPT     lan     fw                   icmp   8      -
ACCEPT     lan     dmz                  icmp   8      -
ACCEPT     dmz     lan                  icmp   8      -
ACCEPT     dmz     fw                   icmp   8      -
ACCEPT     fw      dmz                  icmp   8      -
ACCEPT     dmz     lan                  tcp    http   -
ACCEPT     lan     wan                  tcp    https  -
ACCEPT     lan     wan                  tcp    ssh    -
ACCEPT     lan     wan                  tcp    ftp    -
ACCEPT     lan     wan                  tcp    nntp   -
ACCEPT     fw      wan                  udp    ntp    -
ACCEPT     lan     wan                  tcp    imap   -
The 2 DNAT rules redirect traffic that hits the WAN interface on port 87 to my webserver's port 80.
Is there a simple rule that could forward all DMZ -> any http traffic to the lan?
Thanks for any help.
(Oh, I know, having everything ACCEPT is probably a bad idea, but this is just for testing)