Enhance DNAT documentation again

Tom Eastep 2011-01-07 10:27:35 -08:00
parent ad57272c7f
commit 3c4336da58
3 changed files with 26 additions and 4 deletions

View File

@ -223,7 +223,8 @@
it.</title>
<para><emphasis role="bold">Answer:</emphasis> The format of a
port-forwarding rule to a local system is as follows:</para>
port-forwarding rule <emphasis>from the net</emphasis> to a local system
is as follows:</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT
DNAT net loc:<emphasis>local-IP-address</emphasis>[:<emphasis>local-port</emphasis>] <emphasis>protocol</emphasis> <emphasis>port-number</emphasis></programlisting>
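Review bot: the column header on the closing programlisting line reads `DEST PORT`, while the same rule template in the other two files of this commit uses `DEST PORT(S)`; since the text that follows in the next hunk tells the reader to put a range as `low-port:high-port` in that column, the plural form is the accurate one and the header should read `#ACTION SOURCE DEST PROTO DEST PORT(S)` here too. The added wording `<emphasis>from the net</emphasis>` does correctly tie the prose to the `net` in the SOURCE column of the example.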
@ -253,6 +254,12 @@ DNAT net:<emphasis>address</emphasis> loc:<emphasis>local-IP-address</empha
column specify the range as
<emphasis>low-port:high-port</emphasis>.</para>
<important>
<para><emphasis role="bold">The above does not work for forwarding
from the local network. If you want to do that, see <link
linkend="faq2">FAQ 2</link>.</emphasis></para>
</important>
<section id="faq1a">
<title>(FAQ 1a) Okay -- I followed those instructions but it doesn't
work</title>
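Review bot: "The above" in the new `<important>` is vague after a section that has shown several rule variants (plain DNAT, DNAT with a source address, DNAT with a port range); name what it covers, e.g. `The DNAT rules above, which all have SOURCE net, do not work for forwarding from the local network.` The `<emphasis role="bold">` around the whole paragraph is also redundant inside a DocBook `<important>` admonition, which is already rendered prominently; plain `<para>` text is enough.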

View File

@ -829,7 +829,15 @@ Web(ACCEPT) loc dmz:10.10.11.2</programlisting><itemizedlist>
<listitem>
<para>When you are connecting to your server from your local
systems, you must use the server's internal IP address
(<systemitem class="ipaddress">10.10.11.2</systemitem>).</para>
(<systemitem class="ipaddress">10.10.11.2</systemitem>) or you
must use DNAT from the loc zone as well (see below).</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
# PORT(S) PORT(S) DEST
Web(DNAT) loc dmz:10.10.11.2 - - - <replaceable>external-ip-address</replaceable></programlisting>
<para>where <replaceable>external-ip-address</replaceable> is the
IP address of the firewall's external interface.</para>
</listitem>
<listitem>
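Review bot: the new `Web(DNAT) loc dmz:10.10.11.2 - - - external-ip-address` rule only behaves as intended because the ORIGINAL DEST column limits it to connections that were addressed to the firewall's external IP; without that value every connection matched by the Web macro from `loc` would be redirected to 10.10.11.2 regardless of where it was headed. The trailing `<para>` only defines the placeholder, so add a sentence stating that the ORIGINAL DEST column is required for this rule, not optional. Also, "see below" in the added prose refers to the listing that follows in the same `<listitem>`, so "see the following rule" is clearer.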
@ -839,7 +847,7 @@ Web(ACCEPT) loc dmz:10.10.11.2</programlisting><itemizedlist>
<literal>http://w.x.y.z:5000 where w.x.y.z</literal> is your
external IP).<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE
# PORT(S)
DNAT net dmz:10.10.11.2:80 tcp 80 5000</programlisting></para>
DNAT net dmz:10.10.11.2:80 tcp 5000</programlisting></para>
</listitem>
<listitem>
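Review bot: the corrected rule `DNAT net dmz:10.10.11.2:80 tcp 5000` now agrees with the prose (clients connect to port 5000 on the external IP and are forwarded to port 80 on the server), whereas the removed line had 80 in DEST PORT(S) and 5000 in the SOURCE PORT(S) column, which would have matched by client source port. One leftover in the context lines: the `<literal>` element closes after `where w.x.y.z` instead of after `:5000`, so the prose words `where w.x.y.z` are rendered as code; move `</literal>` to directly after `http://w.x.y.z:5000`.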

View File

@ -752,10 +752,17 @@ root@lists:~# </programlisting>
class="directory">/etc/shorewall/</filename><filename>rules</filename>
file.</para>
<para>The general form of a simple port forwarding rule in <filename
<para>For forwarding connections from the <emphasis>net</emphasis> zone to
a server in the <emphasis>loc</emphasis> zone, the general form of a
simple port forwarding rule in <filename
class="directory">/etc/shorewall/</filename><filename>rules</filename> is:
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
DNAT net loc:<emphasis>&lt;server local ip address&gt;</emphasis>[:<emphasis>&lt;server port&gt;</emphasis>] <emphasis>&lt;protocol&gt;</emphasis> <emphasis>&lt;port&gt;</emphasis></programlisting><important>
<para><emphasis role="bold">If you want to forward traffic from the
<emphasis>loc</emphasis> zone to a server in the
<emphasis>loc</emphasis> zone, see <ulink url="FAQ.htm#faq2">Shorewall
FAQ 2</ulink>.</emphasis></para>
</important><important>
<para>Be sure to add your rules after the line that reads <emphasis
role="bold">SECTION NEW.</emphasis></para>
</important><important>
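Review bot: the rule template uses two port placeholders, `<server port>` in DEST and `<port>` in DEST PORT(S), but neither the new paragraph nor the listing says that `<port>` is the port clients connect to on the firewall while `<server port>` is optional and only needed when the server listens on a different port; the 5000 to 80 example in the other file of this commit is exactly that case, so one sentence to that effect after the listing would keep readers from swapping them. Stylistically, the `<important>` blocks are chained on one line as `</important><important>`; putting each admonition on its own lines would make future diffs of this passage readable.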