Version 5 (modified by ibaldin, 8 years ago)

--

SHOREWALL DNAT port-forwarding proxy

Overview

This proxy mechanism relies on dynamically manipulating firewall rules on a Linux host that runs the Shorewall firewall management framework: rules are installed and removed to remap the internal IP address and port of a VM (typically port 22, SSH) to the publicly addressable IP address of the firewall host and a different port. The additional scripts developed for Shorewall are independent of ORCA; they bridge the gap between Shorewall and the ORCA handlers by providing a simple API that lets the user (remotely) add and remove DNAT port-forwarding rules for VMs.
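As an added illustration (not part of this page and not the ORCA/Shorewall scripts it describes), the following POSIX sh sketch shows the add/remove operation such an API performs against the Shorewall rules file: it validates the VM address and both ports before anything reaches the file, refuses a public port that is already forwarded, and writes the DNAT line in the rules-file column layout. The zone names net and loc, the rules-file path argument, and the final shorewall reload step are assumptions.

```shell
#!/bin/sh
# Added example, not the project's own scripts. Assumes zones "net" and
# "loc"; the rules file path is a parameter so it can be tried on a copy.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet 0-255.
is_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    ( IFS=.; set -- $1; for o; do [ "$o" -le 255 ] || exit 1; done )
}

# Return 0 if $1 is a TCP port number 1-65535.
is_port() {
    printf '%s' "$1" | grep -Eq '^[0-9]{1,5}$' && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rules line: connections to $FW:PUBLIC_PORT go to VM_IP:VM_PORT.
# Columns: ACTION SOURCE DEST PROTO DPORT (same layout as the rules file).
dnat_rule_line() {
    printf 'DNAT\t\tnet\t\tloc:%s:%s\ttcp\t%s\n' "$1" "$2" "$3"
}

# Regex matching the DNAT line that forwards public port $1.
rule_regex() {
    printf '^DNAT[[:space:]].*[[:space:]]tcp[[:space:]]+%s([[:space:]]|$)' "$1"
}

# add_dnat RULES_FILE VM_IP VM_PORT PUBLIC_PORT
# Validates every field (only an address and two ports ever reach the file)
# and refuses a public port that is already forwarded to some VM.
add_dnat() {
    is_ipv4 "$2" && is_port "$3" && is_port "$4" || return 2
    grep -Eq "$(rule_regex "$4")" "$1" 2>/dev/null && return 3
    dnat_rule_line "$2" "$3" "$4" >> "$1"
}

# remove_dnat RULES_FILE PUBLIC_PORT: drop the forwarding for that port.
remove_dnat() {
    is_port "$2" || return 2
    tmp=$(mktemp) || return 1
    grep -Ev "$(rule_regex "$2")" "$1" > "$tmp" || true   # empty result is fine
    mv "$tmp" "$1"
}
# After either change, apply it with: shorewall reload   (assumed, not run here)
```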

Installation

Pitfalls

Be sure to allow Tomcat connections (if the ORCA Tomcat instance also runs on the proxy host). Append the following to /etc/shorewall/rules:

# ORCA tomcat
ACCEPT          net             $FW             tcp     11080
ACCEPT          loc             $FW             tcp     11080