Hi

Just to follow on out of the a new thread.

> Your first rule is functionally equivalent to:
> DNAT net loc:191.168.0.18 tcp 1494 - 192.22.213.98
> Incidentally, are you really using "191.168.0.0/24" for internal addresses?

Do you know of a way I can fix this without having to change all the addresses virtually simultaneously? I have an idea one can be done with Shorewall, I just have no clue how to start.

Kim

Kim White wrote:
> Hi
>
> Just to follow on out of the a new thread.
>
>> Your first rule is functionally equivalent to:
>> DNAT net loc:191.168.0.18 tcp 1494 - 192.22.213.98
>> Incidentally, are you really using "191.168.0.0/24" for internal addresses?
>
> Do you know of a way I can fix this without having to change all the addresses virtually simultaneously? I have an idea one can be
> done with Shorewall, I just have no clue how to start.

1) Add an alias in the 192.168.0.0/24 subnet to your local interface.
2) Set "multi" on your local interface in /etc/shorewall/interfaces.
3) Add a "loc loc ACCEPT" policy.
4) Add an entry for 192.168.0.0/24 in the /etc/shorewall/masq file.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net