----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Nerijus Baliunas" <nerijus@users.sourceforge.net>
Sent: Thursday, March 28, 2002 5:58 AM
Subject: Re: Re[5]: [Shorewall-users] routing problem
>
> ----- Original Message -----
> From: "Nerijus Baliunas" <nerijus@users.sourceforge.net>
> To: <shorewall-users@shorewall.net>
> Sent: Thursday, March 28, 2002 1:43 AM
> Subject: Re[5]: [Shorewall-users] routing problem
>
>
> > On Wed, 27 Mar 2002 17:21:39 -0800 Tom Eastep <teastep@shorewall.net> wrote:
> >
> > TE> > Tried the following config unsuccessfully:
> > TE> > rules:
> > TE> > ACCEPT dmz loc:192.168.56.21:161 udp 163 - 213.197.143.57
> > TE> >
> > TE> > I.e. connection from dmz to 213.197.143.57 port 163 should be forwarded to
> > TE> > loc:192.168.56.21:161. Is it impossible to forward udp packets?
> > TE> >
> > TE>
> > TE> The rule that you have written says:
> > TE>
> > TE> For connections from the DMZ to UDP port 163 on 213.197.143.57, forward the
> > TE> connection to the loc zone, host 192.168.56.21 port 161. I don't think
> > TE> that's what you wanted is it?
> >
> > It is what I wanted, but it doesn't work. I forward ports 162, 163 and 164 to
> > 3 different hubs (port 161).
> > Is port 161 enough for mrtg to work?
>
> Er:
>
> a) The rule that you posted is forwarding port 163 to port 161 and that's
> all!!!
> b) Port 161 -> port 161 is ALL that's required for MRTG to work (look at my
> config files at http://www.shorewall.net/myfiles.htm).
>
> >
> > TE> It is perfectly possible to forward udp packets given the proper rule.
> > TE> Again, the (simplified) format of port forwarding rule is:
> > TE>
> > TE> ACCEPT <src zone> <dest zone>:<server ip>[:<server port>] <protocol> <port>
> > TE> [ <client ports> | - [ <dest ip> | all ] ]
> >
> > My rule is OK, isn't it?
> >
>
> Well, it isn't what I would have written if I wanted to port forward port
> 161. Just so we are clear on your network topology, 213.197.143.57 is the IP
> address of the firewall's interface to the DMZ right?
>
> -Tom
> --
> Tom Eastep \ Shorewall - iptables made easy
> AIM: tmeastep \ http://www.shorewall.net
> ICQ: #60745924 \ teastep@shorewall.net
>
>
>
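
The simplified rule format quoted in the thread above, as an added example that is not part of the original messages or Shorewall's own code: a small Python parser that reads one rule line in that format and spells out which port is forwarded where. It assumes single numeric ports and IPv4 addresses; the names ForwardRule, parse_rule and describe are hypothetical, and the wording chosen for "all" and for an omitted server port is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class ForwardRule:
    src_zone: str
    dest_zone: str
    server_ip: str
    server_port: Optional[int]   # None: server port not given in the rule
    protocol: str
    port: int                    # port the client connects to
    client_ports: Optional[str]  # None when the column is "-" or absent
    dest_ip: Optional[str]       # address the client connects to, or "all"

def parse_rule(line: str) -> ForwardRule:
    """Parse: ACCEPT <src zone> <dest zone>:<server ip>[:<server port>]
    <protocol> <port> [ <client ports> | - [ <dest ip> | all ] ]"""
    fields = line.split()
    if not 5 <= len(fields) <= 7 or fields[0] != "ACCEPT":
        raise ValueError("expected ACCEPT plus 4 to 6 more columns")
    dest = fields[2].split(":")
    if len(dest) not in (2, 3):
        raise ValueError("destination must be zone:ip[:port]")
    ipaddress.IPv4Address(dest[1])            # raises ValueError if malformed
    client_ports = fields[5] if len(fields) > 5 and fields[5] != "-" else None
    dest_ip = fields[6] if len(fields) > 6 else None
    if dest_ip not in (None, "all"):
        ipaddress.IPv4Address(dest_ip)
    return ForwardRule(fields[1], dest[0], dest[1],
                       int(dest[2]) if len(dest) == 3 else None,
                       fields[3], int(fields[4]), client_ports, dest_ip)

def describe(r: ForwardRule) -> str:
    """Say in words which port is forwarded where."""
    # Assumption: "all" is worded as "any address"; an omitted dest ip is not shown.
    on = "" if r.dest_ip is None else (
        " on any address" if r.dest_ip == "all" else " on " + r.dest_ip)
    # Assumption: with no server port in the rule, the port is left unchanged.
    target = r.port if r.server_port is None else r.server_port
    return (f"{r.src_zone} -> {r.protocol.upper()} port {r.port}{on} is "
            f"forwarded to {r.dest_zone} host {r.server_ip} port {target}")

# The rule posted in the thread.
POSTED = "ACCEPT dmz loc:192.168.56.21:161 udp 163 - 213.197.143.57"

if __name__ == "__main__":
    print(describe(parse_rule(POSTED)))
```
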