From: Noc P. <no...@ph...> - 2006-08-03 16:36:06
Tom Eastep wrote:
> Noc Phibee wrote:
>
>> Hi
>>
>> it's possible with Shorewall 2.0.17 create a "Proxy" on one IP ?
>>
>> WAN => Ip Official
>> Linux Shorewall Gateway (ETh0 on WAN and Eth1 on LAN)
>> Destination Server on the lan with a 192.168.1.100 IP
>>
>>
>> I am search a "proxy" for the packet sent to the local server by the gateway
>> put the IP of the gateway for Answer (on the lan server, he don't have a
>> 0.0.0.0/0
>> route for the gateway server. If the packet have in Source a Internet
>> IP, he can't answer)
>>
>
> Check the last post I made in the thread with subject "please help with DNAT
> setting". I described how you can use an entry in /etc/shorewall/masq to work
> around this type of problem.
>
> -Tom
>

Hi

Thanks Tom, it's:

=======================================================================
b) Use an SNAT rule so that all traffic forwarded by the DNAT rule
appears to the server to come from the Shorewall box. This of course
makes the access and error logs on the server worthless since you can't
tell where the traffic really came from.

In /etc/shorewall/masq:

    <local iface>:192.168.111.247 0.0.0.0/0 <local IP> tcp 80
========================================================================

My WAN eth0 on my Linux box is 83.41.12X.XX
My LAN eth1 on my Linux box is 192.168.1.254
My local server is at 192.168.1.200
The protocols are 80 and 443

I put in /etc/shorewall/masq:

    eth1:192.168.1.200 0.0.0.0/0 83.41.12X.XX tcp 80
    eth1:192.168.1.200 0.0.0.0/0 83.41.12X.XX tcp 80

Is it correct?

83.41.12X.XX is the IP of my Linux box. I have 10 other IPs in 83.41.12X ...
Can I put a special 83.41.12X. for this process?

Thanks for your help, Tom