Malcolm Gray
2002-Apr-29 17:15 UTC
[Shorewall-users] Mixing static nat and port forwarding
Is there a way to mix static NAT and port forwarding
or is it only possible to use a rule to port forward
other IPs?

In my tests using

    ACCEPT net loc:192.168.134.1:80 tcp http - all

This worked if (from outside) I connected to the IP
address of the external interface but failed (package
went through to Static NATed machine) for those IPs
that used Static NAT.

I have searched the mailing list and the web site and
not found anything that seems to cover this.

--
Malcolm Gray
Jobstream Group plc
http://www.jobstream.com

On Mon, 29 Apr 2002, Malcolm Gray wrote:

> Is there a way to mix static NAT and port forwarding
> or is it only possible to use a rule to port forward
> other IPs?
>
> In my tests using
>     ACCEPT net loc:192.168.134.1:80 tcp http - all
>
> This worked if (from outside) I connected to the IP
> address of the external interface but failed (package
> went through to Static NATed machine) for those IPs
> that used Static NAT.
>

Static NAT takes precedence over port forwarding.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

On Mon, 29 Apr 2002, Tom Eastep wrote:

>
> Static NAT takes precedence over port forwarding.
>

The "firewall" script and shorewall.conf in the Beta directory
(http://www.shorewall.net/pub/shorewall/Beta) support a
NAT_BEFORE_RULES variable. If you set it to "No", port forwarding
will take precedence over static NAT.

Please give it a try.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
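
Added example (not part of the thread and not Shorewall's code): a simplified Python model of first-match destination NAT that reproduces the behaviour described above under both settings of NAT_BEFORE_RULES. The external addresses, the internal host behind the static NAT, and the reading of "all" as "any original destination address" are assumptions.

```python
"""Toy model of destination-NAT ordering; not Shorewall's implementation."""
from typing import NamedTuple, Optional

class Dnat(NamedTuple):
    label: str
    dst: Optional[str]      # original destination to match (None = any)
    proto: Optional[str]    # None = any protocol
    dport: Optional[int]    # None = any port
    to_ip: str
    to_port: Optional[int]  # None = keep the original port

# Constructed addresses (192.0.2.0/24 is a documentation range).
FW_EXTERNAL = "192.0.2.1"          # firewall's own external address
NAT_EXTERNAL = "192.0.2.10"        # external address with static NAT
NAT_INTERNAL = "192.168.134.2"     # assumed host behind that static NAT
WEB_SERVER = "192.168.134.1"       # target of the rule quoted in the thread

STATIC_NAT = [Dnat("static-nat", NAT_EXTERNAL, None, None, NAT_INTERNAL, None)]
# Assumption: "all" in the rule's last column matches any original destination.
PORT_FORWARD = [Dnat("port-forward", None, "tcp", 80, WEB_SERVER, 80)]

def build_chain(nat_before_rules: bool):
    """Order the DNAT rules as the NAT_BEFORE_RULES setting would."""
    if nat_before_rules:
        return STATIC_NAT + PORT_FORWARD
    return PORT_FORWARD + STATIC_NAT

def translate(chain, dst, proto, dport):
    """Return (rule label, new dst, new port); the first matching rule wins."""
    for r in chain:
        if r.dst is not None and r.dst != dst:
            continue
        if r.proto is not None and r.proto != proto:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return (r.label, r.to_ip, r.to_port if r.to_port is not None else dport)
    return ("no-nat", dst, dport)

def compare(dst, proto, dport):
    """Result of the same packet under NAT_BEFORE_RULES=Yes and =No."""
    return {setting: translate(build_chain(setting == "Yes"), dst, proto, dport)
            for setting in ("Yes", "No")}

if __name__ == "__main__":
    for pkt in [(FW_EXTERNAL, "tcp", 80), (NAT_EXTERNAL, "tcp", 80),
                (NAT_EXTERNAL, "tcp", 22)]:
        print(pkt, compare(*pkt))
```

In this model, setting NAT_BEFORE_RULES to "No" makes the forward written with "all" take port 80 on every statically NATed address as well, so any web service on those hosts stops being reachable from outside. Review each static-NAT host's published ports after changing the setting.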