Shorewall users - Dec 2002 - FW -> FW Redirect

Hello !

I upgraded to shorewall 1.3.11a and iptables 1.2.7a and my rule
#
# Run ssh-smtp tunnel on the firewall an do transparent proxying
REDIRECT        $FW     2525    tcp     smtp    -       !192.168.0.0/16

doesn''t work any more. How can I do a port redirection of locally 
originating connections to anther port ? In my case a ssh tunnel.

Thanks for your great work

Bye
-- 
DATABAY AG
Hüttenstraße 7
D-52068 Aachen

Telefon: (0241) 991210
Fax: (0241) 9912159
http://www.databay.de

--On Friday, December 13, 2002 07:13:30 PM +0100 Ralf Schenk 
<rs@databay.de> wrote:
> I upgraded to shorewall 1.3.11a and iptables 1.2.7a and my rule
>#
># Run ssh-smtp tunnel on the firewall an do transparent proxying
> REDIRECT        $FW     2525    tcp     smtp    -       !192.168.0.0/16
>
> doesn''t work any more. How can I do a port redirection of locally
> originating connections to anther port ? In my case a ssh tunnel.
Hmmm - don''t know what I want to do about that.

To work around the problem

1) Comment out your current rule.
2) Create /etc/shorewall/start if it doesn''t already exist and in it
place:

run_iptables -t nat -A OUTPUT -p tcp -d ! 192.168.0.0/16 --dport smtp -j 
REDIRECT --to-ports 2525

Please let me know if that works.
-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net

--On Friday, December 13, 2002 07:13:30 PM +0100 Ralf Schenk 
<rs@databay.de> wrote:
> Hello !
>
> I upgraded to shorewall 1.3.11a and iptables 1.2.7a and my rule
>#
># Run ssh-smtp tunnel on the firewall an do transparent proxying
> REDIRECT        $FW     2525    tcp     smtp    -       !192.168.0.0/16
>
> doesn''t work any more. How can I do a port redirection of locally
> originating connections to anther port ? In my case a ssh tunnel.
>
Please ignore my advice in the previous message (although it should work). 
The version of the firewall script in the CVS STABLE branch should fix your 
problem. Please give it a try and let me know if it works ok for you.

Thanks & sorry for the regression,
-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net