[ILUG] Shorewall gurus: Connection redirect problem
thomas at staffeurs.org
Fri Sep 16 15:41:51 IST 2011
Even though you can direct traffic from external-to-external, unless
it's usng a local proxy like balance, the response will fly directly
from the external server to the client, and so arriving out-of-context.
On 16/09/11 16:12, Kenn Humborg wrote:
>> Have you set "net.ipv4.ip_forward=1" in /etc/sysctl.conf?
> Yup. DNAT from outside to inside (e.g. port 80 on firewall
> goes to internal web server) and SNAT from inside to
> outside (internal machine opens TCP connection to
> external host) are working fine.
> It's just this external-to-external bit that's not working.
More information about the ILUG