Harry Lachanas
2006-Apr-10 19:28 UTC
All kinds of traffic from net - > dmz, nothing gets REJECTED or DROPPED

and Here is my rule that did this

    DNAT net:eth0 dmz:62.103.xx.101 - - - 62.103.xx.105,103.xx.106,...

What I was trying to achieve:
Since I am only using 3/16, I wanted to fake the rest of them as being alive hosts. Only to accept pings and some allowed protocols accessed from the net.

What is wrong with my rule?
Will REDIRECT work ???

Harry
Regards.

Harry Lachanas
2006-Apr-10 19:31 UTC
All kinds of traffic from net - > dmz, nothing gets REJECTED or DROPPED

Sorry for the missing words.
Here is my complete message.

-----------------------------------------------------------------------------
Here is my rule that did this

    DNAT net:eth0 dmz:62.103.xx.101 - - - 62.103.xx.105,103.xx.106,...

What I was trying to achieve:
Since I am only using 3/16 (Public IP addresses), I wanted to fake the rest of them as being alive hosts. Only to accept pings and some allowed protocols accessed from the net.

What is wrong with my rule?
Will REDIRECT work ???

Harry
Regards.

Tom Eastep
2006-Apr-10 19:37 UTC
Re: All kinds of traffic from net - > dmz, nothing gets REJECTED or DROPPED

On Monday 10 April 2006 12:31, Harry Lachanas wrote:
> Sorry for the missing words.
> Here is my complete message.
>
> -----------------------------------------------------------------------------
> Here is my rule that did this
>
> DNAT net:eth0 dmz:62.103.xx.101 - - - 62.103.xx.105,103.xx.106,...
>
> What I was trying to achieve:
> Since I am only using 3/16 ( Public IP addresses ) , I wanted to fake
> the rest of them as being
> alive hosts. Only to accept pings and some allowed protocols accessed
> from the net.
>
> What is wrong with my rule?
> Will REDIRECT work ???

I'm still not at all clear about what you are trying to do but I *think* that what you want is:

    DNAT- net:eth0 dmz:62.103.xx.101 - - - 62.103.xx.105,103.xx.106,...

(Note the "-" after DNAT). That will cause the destination IP address to be rewritten but will not generate ACCEPT "all" rules for each of the listed IP addresses.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
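
The difference between the two rules in this thread, written out as a rules-file fragment. This is an added illustration, not part of any message above or of Shorewall's own documentation. The 192.0.2.x addresses, the choice of tcp port 80 as the "allowed protocol", and a net->dmz policy of DROP or REJECT are assumptions.

```conf
# /etc/shorewall/rules (added illustration, constructed addresses:
#   192.0.2.101             the live DMZ host
#   192.0.2.105, 192.0.2.106  unused public addresses to be "faked")
#ACTION  SOURCE    DEST              PROTO  DPORT  SPORT  ORIGINAL DEST

# Before: plain DNAT with no PROTO or port restriction. Besides the NAT
# rule, this also generates ACCEPT rules for "all" traffic, so every packet
# sent to the listed addresses is forwarded and never reaches the policy.
#DNAT    net:eth0  dmz:192.0.2.101   -      -      -      192.0.2.105,192.0.2.106

# After: DNAT- only rewrites the destination address. The rewritten packets
# are then filtered like any other net->dmz traffic.
DNAT-    net:eth0  dmz:192.0.2.101   -      -      -      192.0.2.105,192.0.2.106

# Explicit ACCEPT rules for what should stay reachable.
# icmp type 8 is echo-request (ping).
ACCEPT   net       dmz:192.0.2.101   icmp   8
# Assumed example of one allowed protocol.
ACCEPT   net       dmz:192.0.2.101   tcp    80

# Anything else from net to dmz falls through to the net->dmz policy,
# assumed here to be DROP or REJECT in /etc/shorewall/policy.
```

The ACCEPT rules match the destination after rewriting, so they also apply to traffic addressed directly to the live host; keep the list as narrow as that host can tolerate.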