Consolidate FAQs 1d and 2b

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8398 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-04-07 23:04:20 +00:00
parent 2cfe94c879
commit 31e8d5b8f5

View File

@ -351,43 +351,8 @@ DNAT net loc:192.168.1.3:22 tcp 1022</programlisting>
works fine but when my local users try to connect to the server using works fine but when my local users try to connect to the server using
the Firewall's external IP address, it doesn't work.</title> the Firewall's external IP address, it doesn't work.</title>
<para><emphasis role="bold">Answer</emphasis>: Let's assume the <para><emphasis role="bold">Answer</emphasis>: See <link
following:</para> linkend="faq2b">FAQ 2b</link>.</para>
<itemizedlist>
<listitem>
<para>External IP address is 206.124.146.176 on <filename
class="devicefile">eth0</filename>.</para>
</listitem>
<listitem>
<para>Server's IP address is 192.168.2.4</para>
</listitem>
</itemizedlist>
<para>You can enable access to the server from your local network
using the firewall's external IP address by adding this rule:</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL
# PORT DEST
DNAT loc dmz:192.168.2.4 tcp 80 - 206.124.146.176</programlisting>
<para>If your external IP address is dynamic, then you must do the
following:</para>
<para>In <filename>/etc/shorewall/params</filename>:</para>
<programlisting><command>ETH0_IP=`find_interface_address eth0`</command> </programlisting>
<para>For users of Shorewall 2.1.0 and later:</para>
<programlisting><command>ETH0_IP=`find_first_interface_address eth0`</command></programlisting>
<para>and make your DNAT rule:</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT SOURCE ORIGINAL
# PORT DEST.
DNAT loc dmz:192.168.2.4 tcp 80 - $ETH0_IP</programlisting>
</section> </section>
<section id="faq1e"> <section id="faq1e">