Shorewall users - Feb 2012 - IPTables / Shorewall.

Hello All,

I have a doubt about converting some iptables rules to shorewall, I have a
setup with $FW, loc, net in my rules file I want to implement the following
rule to use with IMSpector, I tried find something equivalent but no luck...

iptables -t nat -A OUTPUT -p tcp --destination-port 1863 -m owner
--uid-owner 100 -j REDIRECT --to-ports 16667

So if anyone can help I will be grateful!!!

Best regards,
Arnaldo Giacomitti Junior


------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

On Wed, 2012-02-01 at 16:58 -0200, Arnaldo Giacomitti Junior
wrote:
> Hello All,
> 
> 
> I have a doubt about converting some iptables rules to shorewall, I
> have a setup with $FW, loc, net in my rules file I want to implement
> the following rule to use with IMSpector, I tried find something
> equivalent but no luck...
> 
> 
> iptables -t nat -A OUTPUT -p tcp --destination-port 1863 -m owner
> --uid-owner 100 -j REDIRECT --to-ports 16667
> 
> 
> So if anyone can help I will be grateful!!!
In /etc/shorewall/rules:

	#ACTION		SOURCE	DEST	PROTO	DEST	SOURCE	ORIGINAL	RATE	USER/
	#					PORT(S)	PORT(S)	DEST		LIMIT	GROUP
	REDIRECT-	$FW	16667	tcp	1863	-	-		-	100

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

Thanks Tom!

Also I can use:

REDIRECT-       $FW:192.168.0.232     16667   tcp     1863    -       -
          -       100

For just redirect one machine????

Best regards,
Arnaldo.



On Wed, Feb 1, 2012 at 18:52, Tom Eastep <teastep@shorewall.net> wrote:
> On Wed, 2012-02-01 at 16:58 -0200, Arnaldo Giacomitti Junior wrote:
> > Hello All,
> >
> >
> > I have a doubt about converting some iptables rules to shorewall, I
> > have a setup with $FW, loc, net in my rules file I want to implement
> > the following rule to use with IMSpector, I tried find something
> > equivalent but no luck...
> >
> >
> > iptables -t nat -A OUTPUT -p tcp --destination-port 1863 -m owner
> > --uid-owner 100 -j REDIRECT --to-ports 16667
> >
> >
> > So if anyone can help I will be grateful!!!
>
> In /etc/shorewall/rules:
>
>        #ACTION         SOURCE  DEST    PROTO   DEST    SOURCE  ORIGINAL
>      RATE    USER/
>        #                                       PORT(S) PORT(S) DEST
>      LIMIT   GROUP
>        REDIRECT-       $FW     16667   tcp     1863    -       -
>     -       100
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
>
>
------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

On Thu, 2012-02-02 at 12:59 -0200, Arnaldo Giacomitti Junior wrote:
> Also I can use:
> 
> 
> REDIRECT-       $FW:192.168.0.232     16667   tcp     1863    -       -    
-       100
> 
To redirect only traffic addressed *to* 192.168.0.232, you would use:

       #ACTION         SOURCE  	DEST    PROTO   DEST    SOURCE  ORIGINAL       
RATE    USER/
       #                                       	PORT(S) PORT(S) DEST           
LIMIT   GROUP
       REDIRECT-	$FW	16667	tcp	1863	-	192.168.0.232	-	100

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d