(non-subscriber -- please CC: any responses to me, thanks.)
I need to have port forwarding to an external interface's IP address
enabled from behind the firewall, but I don't want all internal
traffic routed through the firewall as per
http://www.shorewall.net/FAQ.htm#faq2a , just the traffic to two ports.
Is there any way to do this?
(I know this is more properly handled via DNS, but the software that
needs access to the port only accepts numeric IP addresses, stupidly
enough.)

18:13:47 inside:~$ shorewall version
2.0.13

18:13:51 inside:~$ ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:60:08:a5:63:94 brd ff:ff:ff:ff:ff:ff
    inet 209.237.228.182/29 brd 209.237.228.183 scope global eth0
    inet 209.237.228.178/29 brd 209.237.228.183 scope global secondary eth0:1
    inet 209.237.228.179/29 brd 209.237.228.183 scope global secondary eth0:2
    inet 209.237.228.180/29 brd 209.237.228.183 scope global secondary eth0:3
    inet 209.237.228.181/29 brd 209.237.228.183 scope global secondary eth0:4
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:60:97:7d:11:97 brd ff:ff:ff:ff:ff:ff
    inet 192.168.60.254/24 brd 192.168.60.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:c0:f0:48:f3:e0 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 brd 10.10.10.255 scope global eth2

18:14:15 inside:~$ ip route show
209.237.228.176/29 dev eth0 proto kernel scope link src 209.237.228.182
192.168.60.0/24 dev eth1 proto kernel scope link src 192.168.60.254
192.168.61.0/24 via 209.237.228.177 dev eth0
10.10.10.0/24 dev eth2 proto kernel scope link src 10.10.10.1
default via 209.237.228.177 dev eth0

Specifically, I need to get 209.237.228.182:3167-3168 accessible to
192.168.60.0/24.
Thanks,
Ludwig