<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: How To Use Multiple Red IPs With Smoothwall 3.0 Express</title>
	<atom:link href="http://davmp.kimanddave.com/2008/02/11/how-to-use-multiple-red-ips-with-smoothwall-30-express/feed/" rel="self" type="application/rss+xml" />
	<link>http://davmp.kimanddave.com/2008/02/11/how-to-use-multiple-red-ips-with-smoothwall-30-express/</link>
	<description>My mental mumblings on a chaotic timeline</description>
	<lastBuildDate>Sat, 24 Jul 2010 10:51:34 -0500</lastBuildDate>
	<generator>http://wordpress.org/?v=2.8.3</generator>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
		<item>
		<title>By: Matthew Smart</title>
		<link>http://davmp.kimanddave.com/2008/02/11/how-to-use-multiple-red-ips-with-smoothwall-30-express/comment-page-1/#comment-104</link>
		<dc:creator>Matthew Smart</dc:creator>
		<pubDate>Fri, 26 Sep 2008 18:37:45 +0000</pubDate>
		<guid isPermaLink="false">http://davmp.kimanddave.com/2008/02/11/how-to-use-multiple-red-ips-with-smoothwall-30-express/#comment-104</guid>
		<description>Great post, but I am having a little difficulty with the script and the latest version of Smoothwall Express 3. At first the rules were not going in because the index (24) was too large. After reading your post, I set it to 21 so that the rules added preceded the log and reject rules. Now the rules input at the right place without error, I can ping the external IP, but all forwards time out without ever hitting the internal server. The other external IP address still works fine and forwards appropriately. Here is the output of your script. I can provide the full iptables -L if needed. Thanks for the help.

Adding external ip forwarding from XXX.XXX.XXX.XXX (on eth1:1) to 192.168.0.109 (on eth0) test eth1
  ifconfig eth1:1 XXX.XXX.XXX.XXX broadcast XXX.XXX.XXX.103 netmask 255.255.255.248
    iptables -t nat -A portfw -p TCP -d XXX.XXX.XXX.XXX --dport 80 -j DNAT --to 192.168.0.109
    iptables -I FORWARD 21 -p TCP -i eth1 -d 192.168.0.109 --dport 80 -o eth0 -j ACCEPT
    iptables -t nat -A portfw -p TCP -d XXX.XXX.XXX.XXX --dport 443 -j DNAT --to 192.168.0.109
    iptables -I FORWARD 21 -p TCP -i eth1 -d 192.168.0.109 --dport 443 -o eth0 -j ACCEPT
    iptables -t nat -A portfw -p TCP -d XXX.XXX.XXX.XXX --dport 21 -j DNAT --to 192.168.0.109
    iptables -I FORWARD 21 -p TCP -i eth1 -d 192.168.0.109 --dport 21 -o eth0 -j ACCEPT
    iptables -t nat -A portfw -p TCP -d XXX.XXX.XXX.XXX --dport 22 -j DNAT --to 192.168.0.109
    iptables -I FORWARD 21 -p TCP -i eth1 -d 192.168.0.109 --dport 22 -o eth0 -j ACCEPT
    iptables -t nat -A portfw -p UDP -d XXX.XXX.XXX.XXX --dport 21 -j DNAT --to 192.168.0.109
    iptables -I FORWARD 21 -p UDP -i eth1 -d 192.168.0.109 --dport 21 -o eth0 -j ACCEPT
  iptables -t nat -I POSTROUTING -s 192.168.0.109 -o eth1 -j SNAT --to-source XXX.XXX.XXX.XXX</description>
		<content:encoded><![CDATA[<p>Great post, but I am having a little difficulty with the script and the latest version of Smoothwall Express 3. At first the rules were not going in because the index (24) was too large. After reading your post, I set it to 21 so that the rules added preceded the log and reject rules. Now the rules input at the right place without error, I can ping the external IP, but all forwards time out without ever hitting the internal server. The other external IP address still works fine and forwards appropriately. Here is the output of your script. I can provide the full iptables -L if needed. Thanks for the help.</p>
<p>Adding external ip forwarding from XXX.XXX.XXX.XXX (on eth1:1) to 192.168.0.109 (on eth0) test eth1<br />
  ifconfig eth1:1 XXX.XXX.XXX.XXX broadcast XXX.XXX.XXX.103 netmask 255.255.255.248<br />
    iptables -t nat -A portfw -p TCP -d XXX.XXX.XXX.XXX --dport 80 -j DNAT --to 192.168.0.109<br />
    iptables -I FORWARD 21 -p TCP -i eth1 -d 192.168.0.109 --dport 80 -o eth0 -j ACCEPT<br />
    iptables -t nat -A portfw -p TCP -d XXX.XXX.XXX.XXX --dport 443 -j DNAT --to 192.168.0.109<br />
    iptables -I FORWARD 21 -p TCP -i eth1 -d 192.168.0.109 --dport 443 -o eth0 -j ACCEPT<br />
    iptables -t nat -A portfw -p TCP -d XXX.XXX.XXX.XXX --dport 21 -j DNAT --to 192.168.0.109<br />
    iptables -I FORWARD 21 -p TCP -i eth1 -d 192.168.0.109 --dport 21 -o eth0 -j ACCEPT<br />
    iptables -t nat -A portfw -p TCP -d XXX.XXX.XXX.XXX --dport 22 -j DNAT --to 192.168.0.109<br />
    iptables -I FORWARD 21 -p TCP -i eth1 -d 192.168.0.109 --dport 22 -o eth0 -j ACCEPT<br />
    iptables -t nat -A portfw -p UDP -d XXX.XXX.XXX.XXX --dport 21 -j DNAT --to 192.168.0.109<br />
    iptables -I FORWARD 21 -p UDP -i eth1 -d 192.168.0.109 --dport 21 -o eth0 -j ACCEPT<br />
  iptables -t nat -I POSTROUTING -s 192.168.0.109 -o eth1 -j SNAT --to-source XXX.XXX.XXX.XXX</p>
]]></content:encoded>
	</item>
</channel>
</rss>
