------------1201D7031746ABE Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Shorewall-users, I need to create a port on one of my systems which would get redirected to the same system, but a different port. This is a stand alone system, NATing is turned off. I tried the following in the rules file: ACCEPT net:26 $FW::smtp tcp 25 ACCEPT $FW $FW tcp smtp ACCEPT loc $FW tcp smtp but it didn''t work (I also had a 26 instead of 25 at the end of the first line, no go). What am I missing? Thanks in advance. JBB Jonathan B. Bayer mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjzAqKAACgkQLWek1tt+K52SUwCcCwHU2UpxJ16n9D6GettnSQGk QXoAnjb6BBK2Gjz7bTpwk1HnoUwNyLk7 =BKvL -----END PGP SIGNATURE----- ------------1201D7031746ABE Content-Type: text/x-vcard; name="vCard.vcf" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="vCard.vcf" BEGIN:VCARD VERSION:2.1 N:Bayer;Jonathan;B.;Mr. FN:Jonathan B. Bayer EMAIL;PREF;INTERNET:jbayer@spamcop.net ORG:Dynamic Logic, Inc. TITLE:Director of Technology TEL;WORK;VOICE:(646) 742-4944 TEL;HOME;VOICE:(732) 283-2615 TEL;CELL;VOICE:(732) 423-3810 ADR;WORK:;;3 Park Ave., 37th Floor;New York;NY;10016;USA LABEL;WORK;ENCODING=QUOTED-PRINTABLE:3 Park Ave., 37th Floor=0D=0ANew York=0D=0ANY=0D=0A10016=0D=0AUSA ADR;HOME:;;99 Trento St.;Iselin;NJ;08830;USA LABEL;HOME;ENCODING=QUOTED-PRINTABLE:99 Trento St.=0D=0AIselin=0D=0ANJ =0D=0A08830=0D=0AUSA URL;WORK:www.dynamiclogic.com REV:18991230T050000Z END:VCARD ------------1201D7031746ABE--
Try this: ACCEPT net $FW:25 tcp 26 - all --- Aaron Axelsen AIM: AAAK2 Email: axelseaa@amadmax.com URL: www.amadmax.com "It said, ""Insert disk #3,"" but only two will fit!" "One picture is worth 128K words." -----Original Message----- From: shorewall-users-admin@shorewall.net [mailto:shorewall-users-admin@shorewall.net] On Behalf Of Jonathan B. Bayer Sent: Friday, April 19, 2002 6:31 PM To: Shorewall-users@shorewall.net Subject: [Shorewall-users] Redirecting ports -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Shorewall-users, I need to create a port on one of my systems which would get redirected to the same system, but a different port. This is a stand alone system, NATing is turned off. I tried the following in the rules file: ACCEPT net:26 $FW::smtp tcp 25 ACCEPT $FW $FW tcp smtp ACCEPT loc $FW tcp smtp but it didn''t work (I also had a 26 instead of 25 at the end of the first line, no go). What am I missing? Thanks in advance. JBB Jonathan B. Bayer mailto:jbayer@bayerfamily.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjzAqKAACgkQLWek1tt+K52SUwCcCwHU2UpxJ16n9D6GettnSQGk QXoAnjb6BBK2Gjz7bTpwk1HnoUwNyLk7 =BKvL -----END PGP SIGNATURE-----
On Fri, 19 Apr 2002, Aaron Axelsen wrote:> Try this: > ACCEPT net $FW:25 tcp 26 - all >You need: ACCEPT net $FW::25 tcp 26 - all That redirects port 26->port 25. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
Why the "::"?? Is that only needed to redirect locally? I have rules like ACCEPT net loc:192.168.1.1:5880 tcp 5880 - all And those work. --- Aaron Axelsen AIM: AAAK2 Email: axelseaa@amadmax.com URL: www.amadmax.com "It said, ""Insert disk #3,"" but only two will fit!" "One picture is worth 128K words." -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: Friday, April 19, 2002 7:12 PM To: Aaron Axelsen Cc: ''Jonathan B. Bayer''; Shorewall-users@shorewall.net Subject: RE: [Shorewall-users] Redirecting ports On Fri, 19 Apr 2002, Aaron Axelsen wrote:> Try this: > ACCEPT net $FW:25 tcp 26 - all >You need: ACCEPT net $FW::25 tcp 26 - all That redirects port 26->port 25. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
On Fri, 19 Apr 2002, Aaron Axelsen wrote:> Why the "::"?? > > Is that only needed to redirect locally? >Yes.> I have rules like > ACCEPT net loc:192.168.1.1:5880 tcp 5880 - all > > And those work. >Yep -- but 192.168.1.1 isn''t an IP on the firewall, I''m betting... -Tom> --- > Aaron Axelsen > AIM: AAAK2 > Email: axelseaa@amadmax.com > URL: www.amadmax.com > > "It said, ""Insert disk #3,"" but only two will fit!" > "One picture is worth 128K words." > > > -----Original Message----- > From: Tom Eastep [mailto:teastep@shorewall.net] > Sent: Friday, April 19, 2002 7:12 PM > To: Aaron Axelsen > Cc: ''Jonathan B. Bayer''; Shorewall-users@shorewall.net > Subject: RE: [Shorewall-users] Redirecting ports > > > On Fri, 19 Apr 2002, Aaron Axelsen wrote: > > > Try this: > > ACCEPT net $FW:25 tcp 26 - all > > > > You need: > > ACCEPT net $FW::25 tcp 26 - all > > That redirects port 26->port 25. > > -Tom > -- > Tom Eastep \ Shorewall - iptables made easy > AIM: tmeastep \ http://www.shorewall.net > ICQ: #60745924 \ teastep@shorewall.net > > >-- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net