LinuxQuestions.org
01-26-2006, 07:53 AM   #1
kresho
Shorewall port forwarding problem


I have a classic case of an internet gateway/firewall (g/f) with two network adapters. eth0 is connected to an ADSL modem; eth1 connects to a switch and the rest of the local network. In the local network there is an application server listening on several ports (1098, 1099, 4444), and port forwarding is set up on the gateway so that external clients can use the application server too. Almost everything works fine.

The application server is JBoss (a J2EE server). To skip the details of its inner workings, all clients (internal and external) must be able to connect to the server using the same IP address. This address is of course the external address of the g/f.

So what I need but can't find a way to do is: set up port forwarding on the g/f so that connections from the local network to the external address are forwarded back into the local network to the application server.

In a simulated case, the external network (internet) is 192.168.101.0, and the local network is 192.168.102.0. The g/f has addresses 192.168.101.37 (eth0, from DHCP) and 192.168.102.6 (eth1, static). The application server is at 192.168.102.7.

In the Shorewall rules file:

This rule does most of the job:
Code:
#ACTION  SOURCE  DEST   PROTO   DEST  SOURCE  ORIGINAL  RATE    USER/
#                               PORT  PORT(S) DEST      LIMIT   GROUP
DNAT     all     loc:192.168.102.7\
                        tcp     2000

Here are some failed attempts:

Code:
#ACTION  SOURCE  DEST   PROTO   DEST  SOURCE  ORIGINAL  RATE    USER/
#                               PORT  PORT(S) DEST      LIMIT   GROUP
# no effect
DNAT     loc     loc:192.168.102.7\
                        tcp     2000

# no effect, though even if it worked, the explicit
# mention of a DHCP-assigned address would be a problem
#ACTION  SOURCE  DEST   PROTO   DEST  SOURCE  ORIGINAL  RATE    USER/
#                               PORT  PORT(S) DEST      LIMIT   GROUP
DNAT     loc     loc:192.168.102.7\
                        tcp     2000  -       192.168.101.37
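
An added illustration, not part of the original post and not Shorewall configuration: a small Python model of the LAN-to-external-address case described above, using the post's addresses and port 2000. It shows the general hairpin NAT constraint that rewriting only the destination leaves the server replying directly to the client, whereas also rewriting the source to the gateway's internal address brings the reply back through the gateway. The client address 192.168.102.20 and source port 40000 are constructed.

```python
"""Model of hairpin (loopback) NAT using the addresses from the post.
Constructed values: LAN client 192.168.102.20 and source port 40000."""
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

GW_EXT, GW_INT = "192.168.101.37", "192.168.102.6"  # gateway eth0 / eth1 (from the post)
SERVER, PORT = "192.168.102.7", 2000                # application server and forwarded port
CLIENT = "192.168.102.20"                           # constructed LAN client


def gateway_forward(pkt, snat):
    """DNAT the request to the server; optionally SNAT it to the gateway's LAN address.
    Returns the rewritten packet and a conntrack entry describing the expected reply."""
    out = pkt._replace(dst=SERVER)
    if snat:
        out = out._replace(src=GW_INT)
    expect = Packet(SERVER, PORT, out.src, out.sport)
    return out, {"expect": expect, "orig": pkt}


def server_reply(req):
    """The server answers whatever source address it saw on the request."""
    return Packet(req.dst, req.dport, req.src, req.sport)


def deliver_reply(reply, conntrack):
    """Return the reply as the client finally sees it, or None if it never arrives."""
    if reply.dst == CLIENT:
        # Client and server share the LAN: the reply is sent directly and
        # never crosses the gateway, so the DNAT is not reversed.
        return reply
    if reply.dst == GW_INT and reply == conntrack["expect"]:
        orig = conntrack["orig"]  # gateway reverses both translations
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)
    return None


def client_accepts(request, seen):
    """A TCP client only accepts replies from the address and port it connected to."""
    return seen is not None and (seen.src, seen.sport) == (request.dst, request.dport)


def hairpin(snat):
    """Run one request/reply exchange; True if the client's connection can complete."""
    req = Packet(CLIENT, 40000, GW_EXT, PORT)
    fwd, ct = gateway_forward(req, snat)
    return client_accepts(req, deliver_reply(server_reply(fwd), ct))
```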