LinuxQuestions.org

Linux - Networking: Shorewall port forwarding problem (https://www.linuxquestions.org/questions/linux-networking-3/shorewall-port-forwarding-problem-408166/)

kresho 01-26-2006 07:53 AM

Shorewall port forwarding problem
 
I have a classic case of an internet gateway/firewall (g/f) with two network adapters. eth0 is connected to the adsl modem, eth1 connects to a switch and the rest of the local network. In the local network there is an application server listening on several ports (1098, 1099, 4444), and port forwarding is set up on the gateway so that external clients can use the application server too. Almost everything works fine.

The application server is jboss (j2ee server). To skip the details about its inner workings, all clients (internal and external) must be able to connect to the server using the same ip address. This address is of course the external address of the g/f.

So what I need but can't find a way to do is: set up port forwarding on the g/f so that connections from the local network to the external address are forwarded back into the local network to the application server.

In a simulated case, the external network (internet) is 192.168.101.0, and the local network is 192.168.102.0. The g/f has addresses 192.168.101.37 (eth0, from dhcp) and 192.168.102.6 (eth1, static). The application server is at 192.168.102.7.

In the Shorewall rules file:

This rule does most of the job:
Code:

#ACTION  SOURCE  DEST  PROTO  DEST  SOURCE  ORIGINAL  RATE    USER/
#                              PORT  PORT(S) DEST      LIMIT  GROUP
DNAT    all    loc:192.168.102.7\
                        tcp    2000

Here are some failed attempts:

Code:

#ACTION  SOURCE  DEST  PROTO  DEST  SOURCE  ORIGINAL  RATE    USER/
#                              PORT  PORT(S) DEST      LIMIT  GROUP
# no effect
DNAT    loc    loc:192.168.102.7\
                        tcp    2000

# no effect, though even if it worked, the explicit
# mention of a dhcp assigned address would be a problem
#ACTION  SOURCE  DEST  PROTO  DEST  SOURCE  ORIGINAL  RATE    USER/
#                              PORT  PORT(S) DEST      LIMIT  GROUP
DNAT    loc    loc:192.168.102.7\
                        tcp    2000  -      192.168.101.37

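The symptom in the post (internet clients work, LAN clients that connect to the external address do not) is usually the hairpin-NAT reply path: the server answers the LAN client directly over the switch, so the client sees a SYN-ACK from 192.168.102.7 instead of 192.168.101.37 and drops it. The Python model below is an added example, not code from the thread or from Shorewall; it simulates the gateway's DNAT with a small conntrack table and shows that the handshake only completes when loc-to-loc hairpin traffic is also SNATed to the gateway's internal address. The client addresses and source port 40000 are constructed.

```python
from dataclasses import dataclass, replace
# Addresses from the post; client addresses and port 40000 are constructed for the simulation.
GW_EXT, GW_INT = "192.168.101.37", "192.168.102.6"
SERVER, PORT = "192.168.102.7", 2000
LAN = "192.168.102."

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    sport: int
    dport: int

def make_gateway(hairpin_snat):
    """Gateway with DNAT of GW_EXT:PORT -> SERVER and a conntrack table to reverse it on replies.
    With hairpin_snat=True, LAN-sourced hairpin traffic is also SNATed to GW_INT so that the
    server's replies are routed back through the gateway instead of straight to the client."""
    conntrack = {}  # reply tuple the server will use -> original (src, sport, dst, dport)
    def handle(pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in conntrack:  # reply to a tracked connection: undo the translations
            osrc, osport, odst, odport = conntrack[key]
            return Pkt(odst, osrc, odport, osport)
        if pkt.dst == GW_EXT and pkt.dport == PORT:
            new = replace(pkt, dst=SERVER)          # DNAT: deliver to the application server
            if hairpin_snat and pkt.src.startswith(LAN):
                new = replace(new, src=GW_INT)      # SNAT: server now replies to the gateway
            conntrack[(new.dst, new.dport, new.src, new.sport)] = key
            return new
        return pkt
    return handle

def handshake(client, hairpin_snat):
    """Simulate SYN -> SYN-ACK for a client connecting to GW_EXT:PORT.
    Returns (source address the client sees on the SYN-ACK, whether the client accepts it)."""
    gw = make_gateway(hairpin_snat)
    syn = Pkt(client, GW_EXT, 40000, PORT)
    at_server = gw(syn)                      # the SYN is routed to the gateway and translated
    synack = Pkt(at_server.dst, at_server.src, at_server.dport, at_server.sport)
    # The server replies to whatever source it saw.  A LAN destination is delivered over the
    # switch directly; only a non-LAN destination or GW_INT itself goes back through the gateway.
    if not synack.dst.startswith(LAN) or synack.dst == GW_INT:
        synack = gw(synack)
    accepted = (synack.src, synack.sport, synack.dst, synack.dport) == (GW_EXT, PORT, client, 40000)
    return synack.src, accepted

if __name__ == "__main__":
    print("internet client, DNAT only :", handshake("192.168.101.50", False))
    print("LAN client, DNAT only      :", handshake("192.168.102.50", False))
    print("LAN client, DNAT + SNAT    :", handshake("192.168.102.50", True))
```

The SNAT variant has a cost worth noting: the server then sees every LAN client as 192.168.102.6, so its own logs and per-client access controls can no longer distinguish internal clients.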