I have a classic case of an internet gateway/firewall (g/f) with two network adapters. eth0 is connected to the ADSL modem, eth1 connects to the switch and the rest of the local network. In the local network there is an application server listening on several ports (1098, 1099, 4444), and port forwarding is set up on the gateway so that external clients can use the application server too. Almost everything works fine.
The application server is JBoss (J2EE server). To skip many details about its inner workings, all clients (internal and external) must be able to connect to the server using the same IP address. This address is of course the external address of the g/f.
So what I need but can't find a way to do is: set up port forwarding on the g/f so that connections from the local network to the external address are forwarded back into the local network to the application server.
In a simulated case, the external network (internet) is 192.168.101.0, and the local network is 192.168.102.0. The g/f has addresses 192.168.101.37 (eth0, from DHCP) and 192.168.102.6 (eth1, static). The application server is at 192.168.102.7.
In the shorewall rules file:
This rule does most of the job:
Code:
#ACTION   SOURCE   DEST                PROTO   DEST     SOURCE    ORIGINAL   RATE    USER/
#                                              PORT     PORT(S)   DEST       LIMIT   GROUP
DNAT      all      loc:192.168.102.7   tcp     2000
Here are some failed attempts:
Code:
#ACTION   SOURCE   DEST                PROTO   DEST     SOURCE    ORIGINAL   RATE    USER/
#                                              PORT     PORT(S)   DEST       LIMIT   GROUP
# no effect
DNAT      loc      loc:192.168.102.7   tcp     2000

# no effect, though even if it worked, the explicit
# mention of a DHCP-assigned address would be a problem
#ACTION   SOURCE   DEST                PROTO   DEST     SOURCE    ORIGINAL   RATE    USER/
#                                              PORT     PORT(S)   DEST       LIMIT   GROUP
DNAT      loc      loc:192.168.102.7   tcp     2000     -         192.168.101.37
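As an added example (not code from the post above), the script below prints the netfilter rules that make up a "hairpin" forward of the kind described: a DNAT for LAN clients that connect to the external address, plus the reply-path SNAT that is easy to forget. Without the second rule the server answers the client directly on the LAN, the client sees a reply from 192.168.102.7 for a connection it opened to the external address, and the connection never completes. The addresses, interfaces and port 2000 are the simulated values from the post; the `external_ip` helper, the `--ctstate DNAT` qualifier and the FORWARD rule are this example's own choices. It prints the commands rather than running them, so the output can be reviewed before being piped to sh on the gateway.

```shell
#!/bin/sh
# Added example, not from the original post: the iptables rules behind a
# LAN-to-external-address ("hairpin") port forward. Addresses, interfaces
# and the port are the simulated values from the post; everything else is
# an assumption of this example.
EXT_IF="eth0"                 # faces the modem; address may come from DHCP
LAN_IF="eth1"                 # faces the switch / local network
LAN_NET="192.168.102.0/24"
SERVER="192.168.102.7"
PORT="2000"

# Look up the current address of the external interface at run time instead
# of hard-coding a DHCP-assigned value. Prints nothing if the interface or the
# ip(8) tool is missing, so callers can fall back to a known value.
external_ip() {
    ip -4 -o addr show dev "$1" 2>/dev/null | awk '{print $4}' | cut -d/ -f1 | head -n1
}

# Emit the three rules for hairpin NAT of $PORT to $SERVER. Only prints.
hairpin_rules() {
    ext_ip="$1"
    # 1. LAN client -> external address:PORT is rewritten to the server.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -d $ext_ip -p tcp --dport $PORT -j DNAT --to-destination $SERVER:$PORT"
    # 2. Rewrite the source of that same (already DNATed) flow so the server
    #    replies to the gateway, which un-NATs it back to the client. The
    #    conntrack DNAT state keeps direct LAN->server connections untouched.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $SERVER -p tcp --dport $PORT -m conntrack --ctstate DNAT -j MASQUERADE"
    # 3. Permit the forwarded flow; a firewall's FORWARD policy is DROP.
    echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -d $SERVER -p tcp --dport $PORT -j ACCEPT"
}

EXT_IP=$(external_ip "$EXT_IF")
# Fall back to the post's simulated address when eth0 is not present here.
[ -n "$EXT_IP" ] || EXT_IP="192.168.101.37"
hairpin_rules "$EXT_IP"
```

The cost of rule 2 is that the application server logs the gateway's LAN address instead of the real client for hairpinned connections; the `--ctstate DNAT` match confines that to exactly the flows rule 1 rewrote. Shorewall expresses the same pair of rules as a loc-to-loc DNAT entry carrying the external address in ORIGINAL DEST together with a masq entry for the LAN interface; printing the raw rules makes it visible that both halves are required.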