How to forward all ports to a ‘dmz’ with Shorewall
Open up /etc/shorewall/rules in your favorite text editor (nano) as root. Add this line (and replace 192.168.0.2 with your ‘DMZ’ computer):
DNAT net loc:192.168.0.2 all
The confusion stems from the fact that most consumer-grade hardware routers consider the DMZ to be “the place where I forward everything.” Drove me nuts trying to figure this out, so hopefully this will help you.
Of course, to guarantee that your computer has that IP address when using DHCP, you must add the following to /etc/dhcp.conf:
host hostname {
  hardware ethernet [MAC address];
  fixed-address 192.168.0.2;
}
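The DNAT rule above exposes every protocol and port on 192.168.0.2 to the net zone, so it helps to be able to find such rules when reviewing a rules file. The script below is an added example, not part of the original post; the function names, the sample file contents and the ACTION SOURCE DEST PROTO DPORT column layout are assumptions.

```shell
#!/bin/sh
# Added example: flag Shorewall DNAT rules that forward every port from the net zone.
# Assumed column layout: ACTION SOURCE DEST PROTO DPORT ("-" marks an omitted column).

audit_dnat_rules() {
    # $1 = path to a Shorewall rules file; prints one line per broad rule.
    awk '
        { sub(/#.*/, "") }                       # strip comments
        NF < 3 { next }                          # blank line, section header, incomplete rule
        {
            action = $1; sub(/:.*/, "", action)  # drop a log level such as DNAT:info
            source = $2; sub(/:.*/, "", source)  # drop a host qualifier after the zone name
        }
        action !~ /^DNAT-?$/ || source != "net" { next }
        {
            proto = (NF >= 4) ? tolower($4) : "-"
            dport = (NF >= 5) ? $5 : "-"
            if (proto == "all" || proto == "-")
                printf "%d: all protocols forwarded to %s\n", NR, $3
            else if (proto ~ /^(tcp|udp)/ && dport == "-")
                printf "%d: every %s port forwarded to %s\n", NR, proto, $3
        }
    ' "$1"
}

# Constructed sample rules file; only the "DNAT net loc:192.168.0.2 all" line is from the post.
sample_rules() {
    cat <<'EOF'
#ACTION   SOURCE   DEST              PROTO   DPORT
?SECTION NEW
DNAT      net      loc:192.168.0.2   all
DNAT      net      loc:192.168.0.2   tcp     22,443
DNAT:info net      loc:192.168.0.3   udp
ACCEPT    loc      net               all
EOF
}

tmp=$(mktemp) && sample_rules > "$tmp"
audit_dnat_rules "$tmp"   # reports lines 3 and 5 of the sample
rm -f "$tmp"
```

Run it against the real file with audit_dnat_rules /etc/shorewall/rules; a rule limited to listed ports, like line 4 of the sample, is not reported.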
Disclaimer: All I know about Shorewall and networking is enough to get me by.
My file server/router is almost complete!
Filed by xtravar at August 15th, 2009 under linux