holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Consolidate FAQs 1d and 2b

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8398 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-04-07 23:04:20 +00:00
parent 2cfe94c879
commit 31e8d5b8f5
1 changed files with 2 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
docs/FAQ.xml
View File

@ -351,43 +351,8 @@ DNAT net loc:192.168.1.3:22 tcp 1022</programlisting>
works fine but when my local users try to connect to the server using
the Firewall's external IP address, it doesn't work.</title>
<para><emphasis role="bold">Answer</emphasis>: Let's assume the
following:</para>
<itemizedlist>
<listitem>
<para>External IP address is 206.124.146.176 on <filename
class="devicefile">eth0</filename>.</para>
</listitem>
<listitem>
<para>Server's IP address is 192.168.2.4</para>
</listitem>
</itemizedlist>
<para>You can enable access to the server from your local network
using the firewall's external IP address by adding this rule:</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL
# PORT DEST
DNAT loc dmz:192.168.2.4 tcp 80 - 206.124.146.176</programlisting>
<para>If your external IP address is dynamic, then you must do the
following:</para>
<para>In <filename>/etc/shorewall/params</filename>:</para>
<programlisting><command>ETH0_IP=`find_interface_address eth0`</command> </programlisting>
<para>For users of Shorewall 2.1.0 and later:</para>
<programlisting><command>ETH0_IP=`find_first_interface_address eth0`</command></programlisting>
<para>and make your DNAT rule:</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT SOURCE ORIGINAL
# PORT DEST.
DNAT loc dmz:192.168.2.4 tcp 80 - $ETH0_IP</programlisting>
<para><emphasis role="bold">Answer</emphasis>: See <link
linkend="faq2b">FAQ 2b</link>.</para>
</section>
<section id="faq1e">