Hi,
I am having problems forwarding from a public VIP to a private VIP and back.
Configuration files:
interfaces
Code:
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth5        detect
loc     bond0       detect
policy
Code:
#SOURCE  DEST  POLICY  LOG    LIMIT:  CONNLIMIT:
#                      LEVEL  BURST   MASK
loc      all   ACCEPT
net      all   ACCEPT
fw       all   ACCEPT
#fw      net   ACCEPT
#all     fw    ACCEPT
# THE FOLLOWING POLICY MUST BE LAST
all      all   DROP    info
#$FW     net   ACCEPT
rules
Code:
#ACTION       SOURCE  DEST               PROTO  DEST        SOURCE   ORIGINAL  RATE   USER/  MARK  CONNLIMIT  TIME
#                                               PORT        PORT(S)  DEST      LIMIT  GROUP
#SECTION ESTABLISHED
#SECTION RELATED
#SECTION NEW
#ACCEPT       loc     all                tcp    80          # not needed
# Accept DNS connections from the firewall to the network
#
DNS(ACCEPT)   $FW     net
#
# Accept SSH connections from the local network for administration
#
SSH(ACCEPT)   loc     all
SSH(ACCEPT)   net     all
SSH(ACCEPT)   $FW     all
#
# Allow Ping from the local network
#
Ping(ACCEPT)  $FW     all
Ping(ACCEPT)  $FW     all
Ping(ACCEPT)  net     all
#
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#
#Ping(DROP)   net     $FW
ACCEPT        $FW     all                icmp
ACCEPT        loc     all                icmp
ACCEPT        net     all                icmp
#ACCEPT       net     loc:192.168.0.237  tcp    80          -        195.171.205.21
#ACCEPT       net     loc:192.168.0.237  tcp    ssh         -        195.171.205.21
DNAT          net     loc:192.168.0.237  tcp    ssh,80,443  # works
ACCEPT        fw      net                tcp    53
ACCEPT        fw      net                udp    53
ACCEPT        loc     fw                 tcp    22
zones
Code:
#ZONE  TYPE      OPTIONS  IN       OUT
#                         OPTIONS  OPTIONS
fw     firewall
net    ipv4
loc    ipv4
masq
In the above, my public VIP is 195.171.205.21, but I am using a real server IP (192.168.0.237) and it works. BUT if I use 192.168.0.199, which is the private VIP on the same box, it does not work.
Any help???
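An added example, not part of the post above: a small audit script that parses Shorewall policy and rules tables in the format quoted here and lists everything the untrusted `net` zone is allowed to reach (default-ACCEPT policies, ACCEPT rules and macros, and DNAT port forwards). The two embedded tables are constructed copies of the poster's policy and rules with commented-out lines removed; the `net -> all ACCEPT` policy is the finding a reviewer of this configuration would want surfaced first.

```python
import re

# Constructed sample: the policy and rules tables from the post, with the
# commented-out entries dropped. Column layout is the Shorewall one.
POLICY_FILE = """\
#SOURCE  DEST  POLICY  LOG
loc      all   ACCEPT
net      all   ACCEPT
fw       all   ACCEPT
all      all   DROP    info
"""

RULES_FILE = """\
#ACTION       SOURCE  DEST               PROTO  DPORT
DNS(ACCEPT)   $FW     net
SSH(ACCEPT)   loc     all
SSH(ACCEPT)   net     all
Ping(ACCEPT)  net     all
ACCEPT        net     all                icmp
DNAT          net     loc:192.168.0.237  tcp    ssh,80,443
ACCEPT        fw      net                tcp    53
"""

MACRO = re.compile(r"^(\w+)\((\w+)\)$")  # SSH(ACCEPT) -> ("SSH", "ACCEPT")


def parse_table(text):
    """Yield the whitespace-split columns of each non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()


def net_exposure(policy_text, rules_text):
    """Return (kind, detail) findings describing what 'net' may reach.

    kind is 'policy' for a default ACCEPT whose source is net, 'rule' for
    an ACCEPT rule or ACCEPT macro from net, 'dnat' for a forward from net."""
    findings = []
    for src, dest, action, *_ in parse_table(policy_text):
        if src == "net" and action == "ACCEPT":
            findings.append(("policy", f"net -> {dest} ACCEPT"))
    for row in parse_table(rules_text):
        action, src, dest = row[0], row[1], row[2]
        if src != "net":
            continue
        m = MACRO.match(action)
        name, verb = (m.group(1), m.group(2)) if m else (None, action)
        if verb == "ACCEPT":
            what = name or " ".join(row[3:]) or "any"
            findings.append(("rule", f"{what} -> {dest}"))
        elif verb == "DNAT":
            proto = row[3] if len(row) > 3 else "all"
            ports = row[4] if len(row) > 4 else "all"
            findings.append(("dnat", f"{dest} {proto}/{ports}"))
    return findings


if __name__ == "__main__":
    for kind, detail in net_exposure(POLICY_FILE, RULES_FILE):
        print(f"{kind:7} {detail}")
```

With this configuration the script reports the `net -> all ACCEPT` policy, the SSH and Ping macros and the ICMP rule from `net`, and the DNAT to 192.168.0.237 on ssh/80/443; the policy line means the `all all DROP` line never applies to traffic arriving from `net`.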