<adstar@genis-x.com>
2013-May-21 05:53 UTC
Redirect incoming port to another port internal.
Hi all,

I have tried to figure out how to do this one but I think I have just confused myself more. My firewall is a 2 interface setup, the same box is my router to my uplink.

I'm not using nat at all and have a public IP range behind this machine.

net = eth0
loc = eth1

Most of my rules are mainly the basic

HTTP(ACCEPT) net loc:111.111.111.112
SMTP(ACCEPT) net loc:111.111.111.113
etc

This time around though I wish to just redirect (or is it translate) a port but because I'm not using nat etc I'm not sure if this is possible.

I have a mail server behind my firewall that already has a rule in place
SMTP(ACCEPT) net loc:111.1111.111.111

So this allows inbound port 25 connections to the machine on loc no issues at all.

What I want to do is have an incoming connection on port 26 to 111.111.111.111 BUT redirect it to 111.111.111.111 but on port 25, is this possible?

Cheers
Adam
On 05/20/2013 10:53 PM, adstar@genis-x.com wrote:
> Hi all,
>
> I have tried to figure out how to do this one but I think I have just
> confused myself more…
> My firewall is a 2 interface setup, the same box is my router to my uplink.
>
> I’m not using nat at all and have a public IP range behind this machine.
>
> net = eth0
>
> loc = eth1
>
>
> Most of my rules are mainly the basic
>
> HTTP(ACCEPT) net loc:111.111.111.112
>
> SMTP(ACCEPT) net loc:111.111.111.113
> etc
>
> This time around though I wish to just redirect (or is it translate) a
> port but because I’m not using nat etc I’m not sure if this is possible.
>
> I have a mail server behind my firewall that already has a rule in place
> SMTP(ACCEPT) net loc:111.1111.111.111
>
> So this allows inbound port 25 connections to the machine on loc no
> issues at all.
>
> What I want to do is have an incoming connection on port 26 to
> 111.111.111.111 BUT redirect it to 111.111.111.111 but on port 25, is
> this possible?

Yes -- Shorewall FAQ 1C.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
On 05/21/2013 07:07 AM, Tom Eastep wrote:
> On 05/20/2013 10:53 PM, adstar@genis-x.com wrote:
>> Hi all,
>>
>> I have tried to figure out how to do this one but I think I have just
>> confused myself more…
>> My firewall is a 2 interface setup, the same box is my router to my uplink.
>>
>> I’m not using nat at all and have a public IP range behind this machine.
>>
>> net = eth0
>>
>> loc = eth1
>>
>>
>> Most of my rules are mainly the basic
>>
>> HTTP(ACCEPT) net loc:111.111.111.112
>>
>> SMTP(ACCEPT) net loc:111.111.111.113
>> etc
>>
>> This time around though I wish to just redirect (or is it translate) a
>> port but because I’m not using nat etc I’m not sure if this is possible.
>>
>> I have a mail server behind my firewall that already has a rule in place
>> SMTP(ACCEPT) net loc:111.1111.111.111
>>
>> So this allows inbound port 25 connections to the machine on loc no
>> issues at all.
>>
>> What I want to do is have an incoming connection on port 26 to
>> 111.111.111.111 BUT redirect it to 111.111.111.111 but on port 25, is
>> this possible?
>
> Yes -- Shorewall FAQ 1C.

e.g.

DNAT net loc::25 tcp 26 - 111.111.111.111

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
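Added example (not part of the original thread, and not Shorewall's own code): a small Python decoder for the rules-file entries discussed above, showing that once the DNAT rule is in place the mail server's SMTP service is reachable from net on both port 25 and port 26. The sample rules are constructed from the thread, and the function names and the two-entry macro table are assumptions.

```python
# Added example: decode Shorewall rules-file entries into the ports they expose.
# Column order used here: ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST.
# Assumption: only the two macros seen in the thread are mapped to ports.
MACRO_PORTS = {"HTTP": ("tcp", "80"), "SMTP": ("tcp", "25")}

# Constructed rules file modelled on the rules quoted in the thread.
SAMPLE_RULES = """\
HTTP(ACCEPT)  net  loc:111.111.111.112
SMTP(ACCEPT)  net  loc:111.111.111.111
DNAT          net  loc::25   tcp  26  -  111.111.111.111
"""

def parse_rule(line):
    """Return one rule as a dict, or None for blank and comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    cols = line.split()
    cols += ["-"] * (7 - len(cols))          # pad omitted trailing columns
    action, source, dest, proto, dport, _sport, origdest = cols[:7]
    zone, _, rest = dest.partition(":")
    addr, _, port = rest.partition(":")      # "loc::25" -> addr "", port "25"
    if "(" in action:                        # macro form, e.g. SMTP(ACCEPT)
        proto, dport = MACRO_PORTS[action.split("(", 1)[0]]
    return {"action": action, "source": source, "zone": zone, "addr": addr,
            "port": port, "proto": proto, "dport": dport, "origdest": origdest}

def exposure(rule):
    """Map (outside ip, proto, port) -> (inside ip, port) for one rule."""
    if rule["action"].startswith("DNAT"):
        outside_ip = rule["origdest"] if rule["origdest"] != "-" else "any"
        # Empty server address, as in the thread's rule: only the port changes.
        inside_ip = rule["addr"] or outside_ip
        inside_port = rule["port"] or rule["dport"]
    else:
        outside_ip = inside_ip = rule["addr"]
        inside_port = rule["dport"]
    return (outside_ip, rule["proto"], rule["dport"]), (inside_ip, inside_port)

def audit(text):
    """Decode every rule in a rules-file text into its exposure mapping."""
    rules = [r for r in map(parse_rule, text.splitlines()) if r]
    return [exposure(r) for r in rules]

if __name__ == "__main__":
    for outside, inside in audit(SAMPLE_RULES):
        print(outside, "->", inside)
```

Two outside ports mapping to the same inside service means anything enforced per port upstream (filtering, logging, rate limits on port 25) should be checked for port 26 as well.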
<adstar@genis-x.com>
2013-May-21 22:53 UTC
Re: Redirect incoming port to another port internal.
Hi Tom,

Fantastic, that worked perfectly.

I did see the FAQ but my internal range isn't NAT'd and I could quite figure out what to do. loc:: solved it perfectly.

Thank you very much.

Cheers
Adam

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Wednesday, 22 May 2013 12:33 AM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Redirect incoming port to another port internal.

On 05/21/2013 07:07 AM, Tom Eastep wrote:
> On 05/20/2013 10:53 PM, adstar@genis-x.com wrote:
>> Hi all,
>>
>> I have tried to figure out how to do this one but I think I have just
>> confused myself more. My firewall is a 2 interface setup, the same
>> box is my router to my uplink.
>>
>> I'm not using nat at all and have a public IP range behind this machine.
>>
>> net = eth0
>>
>> loc = eth1
>>
>>
>> Most of my rules are mainly the basic
>>
>> HTTP(ACCEPT) net loc:111.111.111.112
>>
>> SMTP(ACCEPT) net loc:111.111.111.113
>> etc
>>
>> This time around though I wish to just redirect (or is it translate)
>> a port but because I'm not using nat etc I'm not sure if this is possible.
>>
>> I have a mail server behind my firewall that already has a rule in place
>> SMTP(ACCEPT) net loc:111.1111.111.111
>>
>> So this allows inbound port 25 connections to the machine on loc no
>> issues at all.
>>
>> What I want to do is have an incoming connection on port 26 to
>> 111.111.111.111 BUT redirect it to 111.111.111.111 but on port 25, is
>> this possible?
>
> Yes -- Shorewall FAQ 1C.

e.g.

DNAT net loc::25 tcp 26 - 111.111.111.111

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________