mirror of https://gitlab.com/shorewall/code.git (synced 2024-12-22 14:20:40 +01:00)
Enhance DNAT documentation again
parent ad57272c7f
commit 3c4336da58
@ -223,7 +223,8 @@
|
|||||||
it.</title>
|
it.</title>
|
||||||
|
|
||||||
<para><emphasis role="bold">Answer:</emphasis> The format of a
|
<para><emphasis role="bold">Answer:</emphasis> The format of a
|
||||||
port-forwarding rule to a local system is as follows:</para>
|
port-forwarding rule <emphasis>from the net</emphasis> to a local system
|
||||||
|
is as follows:</para>
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT
|
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT
|
||||||
DNAT net loc:<emphasis>local-IP-address</emphasis>[:<emphasis>local-port</emphasis>] <emphasis>protocol</emphasis> <emphasis>port-number</emphasis></programlisting>
|
DNAT net loc:<emphasis>local-IP-address</emphasis>[:<emphasis>local-port</emphasis>] <emphasis>protocol</emphasis> <emphasis>port-number</emphasis></programlisting>
|
||||||
@ -253,6 +254,12 @@ DNAT net:<emphasis>address</emphasis> loc:<emphasis>local-IP-address</empha
|
|||||||
column specify the range as
|
column specify the range as
|
||||||
<emphasis>low-port:high-port</emphasis>.</para>
|
<emphasis>low-port:high-port</emphasis>.</para>
|
||||||
|
|
||||||
|
<important>
|
||||||
|
<para><emphasis role="bold">The above does not work for forwarding
|
||||||
|
from the local network. If you want to do that, see <link
|
||||||
|
linkend="faq2">FAQ 2</link>.</emphasis></para>
|
||||||
|
</important>
|
||||||
|
|
||||||
<section id="faq1a">
|
<section id="faq1a">
|
||||||
<title>(FAQ 1a) Okay -- I followed those instructions but it doesn't
|
<title>(FAQ 1a) Okay -- I followed those instructions but it doesn't
|
||||||
work</title>
|
work</title>
|
||||||
|
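Review bot: "The above" in the new <important> block has no clear referent, because the block lands directly after the port-range sentence (low-port:high-port) and after two different rule forms (DNAT net ... and DNAT net:address ...). A reader can take it to mean that port ranges do not work from the local network. Name the thing that is limited, for example "The rules above have net in the SOURCE column and therefore do not apply to connections that originate in the local network", and keep the link to FAQ 2. The whole paragraph is also wrapped in emphasis role="bold" inside an element that is already rendered as important; one of the two is enough.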
@ -829,7 +829,15 @@ Web(ACCEPT) loc dmz:10.10.11.2</programlisting><itemizedlist>
|
|||||||
<listitem>
|
<listitem>
|
||||||
<para>When you are connecting to your server from your local
|
<para>When you are connecting to your server from your local
|
||||||
systems, you must use the server's internal IP address
|
systems, you must use the server's internal IP address
|
||||||
(<systemitem class="ipaddress">10.10.11.2</systemitem>).</para>
|
(<systemitem class="ipaddress">10.10.11.2</systemitem>) or you
|
||||||
|
must use DNAT from the loc zone as well (see below).</para>
|
||||||
|
|
||||||
|
<programlisting>#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
|
||||||
|
# PORT(S) PORT(S) DEST
|
||||||
|
Web(DNAT) loc dmz:10.10.11.2 - - - <replaceable>external-ip-address</replaceable></programlisting>
|
||||||
|
|
||||||
|
<para>where <replaceable>external-ip-address</replaceable> is the
|
||||||
|
IP address of the firewall's external interface.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
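Review bot: the paragraph after the new Web(DNAT) listing explains what external-ip-address is but not why the ORIGINAL DEST column is there. In the added rule the SOURCE is loc and the only thing that ties the rule to the firewall's external address is that last column, so the text should say that the column restricts the rule to connections addressed to that IP and must not be left out. It would also help to state that the three "-" entries stand for PROTO, DEST PORT(S) and SOURCE PORT(S), since the two-line header makes the column count hard to follow. Minor: "(see below)" points at the listing that follows immediately; "as in the following rule" reads better.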
@ -839,7 +847,7 @@ Web(ACCEPT) loc dmz:10.10.11.2</programlisting><itemizedlist>
|
|||||||
<literal>http://w.x.y.z:5000 where w.x.y.z</literal> is your
|
<literal>http://w.x.y.z:5000 where w.x.y.z</literal> is your
|
||||||
external IP).<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE
|
external IP).<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE
|
||||||
# PORT(S)
|
# PORT(S)
|
||||||
DNAT net dmz:10.10.11.2:80 tcp 80 5000</programlisting></para>
|
DNAT net dmz:10.10.11.2:80 tcp 5000</programlisting></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
|
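Review bot: the corrected rule line "DNAT net dmz:10.10.11.2:80 tcp 5000" is right for a client connecting to port 5000, but the listing header still carries the SOURCE PORT(S) column, which is now empty. That extra column is what made it possible for the old line to put 5000 under SOURCE PORT(S) and 80 under DEST PORT(S). Dropping the SOURCE PORT(S) header from this example, or adding one sentence saying that 5000 is the port the client connects to and 80 is the port the server listens on, would keep the next reader from repeating the mistake. The surrounding context also has the prose "where w.x.y.z" inside the <literal> element; only the URL belongs there.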
@ -752,10 +752,17 @@ root@lists:~# </programlisting>
|
|||||||
class="directory">/etc/shorewall/</filename><filename>rules</filename>
|
class="directory">/etc/shorewall/</filename><filename>rules</filename>
|
||||||
file.</para>
|
file.</para>
|
||||||
|
|
||||||
<para>The general form of a simple port forwarding rule in <filename
|
<para>For forwarding connections from the <emphasis>net</emphasis> zone to
|
||||||
|
a server in the <emphasis>loc</emphasis> zone, the general form of a
|
||||||
|
simple port forwarding rule in <filename
|
||||||
class="directory">/etc/shorewall/</filename><filename>rules</filename> is:
|
class="directory">/etc/shorewall/</filename><filename>rules</filename> is:
|
||||||
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
|
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
|
||||||
DNAT net loc:<emphasis><server local ip address></emphasis>[:<emphasis><server port></emphasis>] <emphasis><protocol></emphasis> <emphasis><port></emphasis></programlisting><important>
|
DNAT net loc:<emphasis><server local ip address></emphasis>[:<emphasis><server port></emphasis>] <emphasis><protocol></emphasis> <emphasis><port></emphasis></programlisting><important>
|
||||||
|
<para><emphasis role="bold">If you want to forward traffic from the
|
||||||
|
<emphasis>loc</emphasis> zone to a server in the
|
||||||
|
<emphasis>loc</emphasis> zone, see <ulink url="FAQ.htm#faq2">Shorewall
|
||||||
|
FAQ 2</ulink>.</emphasis></para>
|
||||||
|
</important><important>
|
||||||
<para>Be sure to add your rules after the line that reads <emphasis
|
<para>Be sure to add your rules after the line that reads <emphasis
|
||||||
role="bold">SECTION NEW.</emphasis></para>
|
role="bold">SECTION NEW.</emphasis></para>
|
||||||
</important><important>
|
</important><important>
|
||||||
|
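Review bot: the added <important> block makes three <important> elements back to back after the programlisting (loc-to-loc pointer, "SECTION NEW", and the one that follows), which weakens all of them. The loc-to-loc pointer is a cross-reference rather than a warning, so a <note>, or a plain sentence in the paragraph that introduces the rule, would fit better and leave <important> for the SECTION NEW instruction. The wording should also match the FAQ hunk in this commit: there it says "forwarding from the local network", here "from the loc zone to a server in the loc zone"; pick one phrasing so readers recognise that both point at the same FAQ 2 case.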