Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I'm running Shorewall 1.3.11 on a box with 3 NICs. One NIC is connected to our cable modem (WAN), one to our campus network (LAN) and a third one is our psuedo-DMZ (I say psuedo because the machines in that zone are really just there so they are accessible from the net [webservers] and can selectively use each connection)
I want to route all http traffic to use eth1 (the LAN), leaving the cable bandwidth open for more specialized things. I've tried setting up a variety of rules, but I can't seem to find the right one. I've been successful in mapping MS Terminal Services through to the right machines and ports, so I know I'm not completely ignorant.
Here are the current rules :
#result client server proto port client_port address
ACCEPT fw wan tcp 53 -
ACCEPT fw wan udp 53 -
ACCEPT dmz wan udp 53 -
REJECT lan wan udp 53 -
ACCEPT lan fw tcp 22 -
DNAT:info lan dmz:192.168.1.87:80 tcp 87 -
DNAT:info wan dmz:192.168.1.87:80 tcp 87 -
ACCEPT lan fw tcp 8443 -
ACCEPT lan fw icmp 8 -
ACCEPT lan dmz icmp 8 -
ACCEPT dmz lan icmp 8 -
ACCEPT dmz fw icmp 8 -
ACCEPT fw dmz icmp 8 -
ACCEPT dmz lan tcp http -
ACCEPT lan wan tcp https -
ACCEPT lan wan tcp ssh -
ACCEPT lan wan tcp ftp -
ACCEPT lan wan tcp nntp -
ACCEPT fw wan udp ntp -
ACCEPT lan wan tcp imap -
The 2 DNAT rules redirect traffic that hits the WAN interface on port 87 to my webserver's port 80.
Is there a simple rule that could forward all DMZ -> any http traffic to the lan?
Thanks for any help.
(Oh, I know, having everything ACCEPT is probably a bad idea, but this is just for testing)