From: Dirk K. <dj...@to...> - 2003-03-14 14:26:06
I have a three legged router net/dmz/loc with a /28 of IP addresses proxyarped thru from net->dmz and this all works fine.

Unfortunately one machine on the DMZ has had a disc failure and I need to map thru one port from both net and dmz. (There is a machine on the DMZ that would talk on the DMZ to the failed machine).

Now, I have #-ed out the proxyarp for that IP, and also all the relevant rules for that machine and successfully DNATed the port from net<external ip>->loc:<local ip>. However, the obvious next line (another DNAT from the DMZ<external ip>->loc:<local ip>) doesn't work.

ie something like in rules:-

    DNAT net loc:<localip> tcp 2222 - <externalip> #this works fine
    DNAT dmz loc:<localip> tcp 2222 - <externalip> #this not

Dirk

--
Please Note: Some Quantum Physics Theories Suggest That When the Consumer Is Not Directly Observing This Product, It May Cease to Exist or Will Exist Only in a Vague and Undetermined State.