Hi,

I'm new to shorewall and to this list.

I just switched from custom iptables-based scripts to shorewall, and everything seems to work smoothly. There's only one thing I wasn't able to port: rules similar to this one:

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5190 -j REDIRECT --to-ports 5190

Can this be expressed using shorewall config files? Or should I insert these rules in an extension script?

Thanks,
Olivier.
On Monday 05 January 2004 07:43 am, olivier.parisy@free.fr wrote:
> Hi,
>
> I'm new to shorewall and to this list.
>
> I just switched from custom iptables-based scripts to shorewall,
> and everything seems to work smoothly. There's only one thing I
> wasn't able to port: rules similar to this one:
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5190 -j REDIRECT
> --to-ports 5190
>
> Can this be expressed using shorewall config files? Or should I
> insert these rules in an extension script?
>

That's just a simple Shorewall REDIRECT rule...

    REDIRECT z 5190 tcp 5190

where "z" is the zone interfacing through eth0.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
On Monday 05 January 2004 07:55 am, Tom Eastep wrote:
> On Monday 05 January 2004 07:43 am, olivier.parisy@free.fr wrote:
> > Hi,
> >
> > I'm new to shorewall and to this list.
> >
> > I just switched from custom iptables-based scripts to shorewall,
> > and everything seems to work smoothly. There's only one thing I
> > wasn't able to port: rules similar to this one:
> >
> > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5190 -j REDIRECT
> > --to-ports 5190
> >
> > Can this be expressed using shorewall config files? Or should I
> > insert these rules in an extension script?
>
> That's just a simple Shorewall REDIRECT rule...
>
> REDIRECT z 5190 tcp 5190
>
> where "z" is the zone interfacing through eth0.
>

Note that Shorewall REDIRECT creates two Netfilter rules:

a) The nat table rule you describe above;
b) An ACCEPT rule in the filter table.

If you only want the nat table rule then use REDIRECT- rather than REDIRECT.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
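To make the REDIRECT vs. REDIRECT- distinction from the reply above concrete, here is an added illustration (not from the thread and not Shorewall's own code): a small POSIX sh function that expands a rules-file line into the iptables commands it corresponds to. The zone-to-interface mapping (loc on eth0) and the use of the INPUT chain for the filter-table ACCEPT are assumptions for the illustration; the commands are printed, not executed, so it runs without root or iptables.

```shell
#!/bin/sh
# Added example: expand a Shorewall-style REDIRECT rule into the two
# Netfilter rules described in the thread (nat REDIRECT + filter ACCEPT),
# or only the nat rule for REDIRECT-. Nothing is applied; commands are echoed.

# Assumed zone -> interface mapping (illustrative; real Shorewall reads
# this from its interfaces file).
zone_iface() {
    case "$1" in
        loc) echo eth0 ;;
        net) echo eth1 ;;
        *)   return 1 ;;
    esac
}

# expand_redirect ACTION ZONE DPORT PROTO ORIGDPORT
#   ACTION    REDIRECT or REDIRECT-
#   ZONE      source zone (the "z" in Tom's example)
#   DPORT     local port traffic is redirected to
#   ORIGDPORT original destination port matched on incoming packets
expand_redirect() {
    action=$1; zone=$2; dport=$3; proto=$4; origdport=$5
    iface=$(zone_iface "$zone") || { echo "unknown zone: $zone" >&2; return 1; }

    # Rule a) the nat table rule Olivier wrote by hand
    echo "iptables -t nat -A PREROUTING -i $iface -p $proto --dport $origdport -j REDIRECT --to-ports $dport"

    # Rule b) the filter table ACCEPT, only for plain REDIRECT
    case "$action" in
        REDIRECT)  echo "iptables -A INPUT -i $iface -p $proto --dport $dport -j ACCEPT" ;;
        REDIRECT-) ;;   # nat rule only; existing filter rules must already allow the port
        *)         echo "unknown action: $action" >&2; return 1 ;;
    esac
}

# count_rules ARGS... : number of Netfilter rules the rule line produces
count_rules() {
    expand_redirect "$@" | wc -l | tr -d ' '
}

# Stand-alone usage: show both forms for the port from the thread
expand_redirect REDIRECT loc 5190 tcp 5190
expand_redirect REDIRECT- loc 5190 tcp 5190
```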