Hi, I think I have found a small bug. The following line works DNAT net:1.2.3.4 loc:192.168.1.100:22 tcp 10022 and this does not work DNAT net:1.2.3.4 loc:192.168.1.100:ssh tcp 10022 It seem that shorewall does not accept service-names in the dnat-destination. Dirk ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Dirk Nehring wrote:> Hi, > > I think I have found a small bug. The following line works > > DNAT net:1.2.3.4 loc:192.168.1.100:22 tcp 10022 > > and this does not work > > DNAT net:1.2.3.4 loc:192.168.1.100:ssh tcp 10022 > > It seem that shorewall does not accept service-names in the > dnat-destination.From ''man shorewall-rules'': The port number MUST be specified as an integer and not as a name from services(5). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Tom Eastep wrote:> Dirk Nehring wrote: >> Hi, >> >> I think I have found a small bug. The following line works >> >> DNAT net:1.2.3.4 loc:192.168.1.100:22 tcp 10022 >> >> and this does not work >> >> DNAT net:1.2.3.4 loc:192.168.1.100:ssh tcp 10022 >> >> It seem that shorewall does not accept service-names in the >> dnat-destination. > > From ''man shorewall-rules'': > > The port number MUST be specified as an integer and not as a > name from services(5).Seems like a limitation that would be fairly straightforward to work around in shorewall-perl... (Note to Tom: that is not a request to implement it in the next 15 minutes. ;-) -- Paul <http://paul.gear.dyndns.org> -- Did you know? Using Microsoft Internet Explorer can make your computer less secure. Find out more at <http://browsehappy.com>. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/