thr3ads.net - Shorewall users - [Shorewall-users] dnat rules problem [May 2003]

If this information is useful, please help other people find it:
Share via:

Rodrigo Cortes

2003-May-29 18:10 UTC

[Shorewall-users] dnat rules problem

i have problem with DNAT rules. i have two rules for forward port pop3 depend of
destiny. Example:

source x.x.x.x   dest a.a.a.a.a
source x.x.x.x  dest b.b.b.b.b

but the running run only work first rules and when see de rules online with
iptables -L -t nat , destination is any and destination dnat is IP:PORT


i have shorewall 1.4.3a latest stable this is a bug ?

Tom Eastep

2003-May-29 18:18 UTC

head link

[Shorewall-users] dnat rules problem

On Thu, 29 May 2003 17:41:05 -0400, Rodrigo Cortes <raprop@koslan.cl> 
wrote:
> i have problem with DNAT rules. i have two rules for forward port pop3 
> depend of destiny. Example:
>
> source x.x.x.x   dest a.a.a.a.a
> source x.x.x.x  dest b.b.b.b.b
>
> but the running run only work first rules and when see de rules online 
> with iptables -L -t nat , destination is any and destination dnat is 
> IP:PORT
>
So long as you treat the details of your problem as if they were state 
secrets, we can''t help you.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep

2003-May-30 06:26 UTC

head link

[Shorewall-users] dnat rules problem

On Fri, 30 May 2003 08:22:04 -0400, Rodrigo Cortes Cano <raprop@koslan.cl>
wrote:

>
> in the shorewall rules ip 1.1.1.145 read pop only for hosts x.x.x.x and 
> any ip in the lan read pop3 in y.y.y.y but 1.1.1.145 not read pop3 in 
> y.y.y.y
>
WHAT SHOREWALL RULES ARE YOU USING???????????????

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep

2003-May-30 08:50 UTC

head link

[Shorewall-users] dnat rules problem

On Fri, 30 May 2003 10:47:36 -0400, Rodrigo Cortes Cano <raprop@koslan.cl>
wrote:
> Hi!
>
> DNAT, this is rulez files
>
> DNAT    lan:1.1.1.235   wan:x.x.x.x     tcp     pop3    -
> DNAT    lan             wan:y.y.y.y     tcp     pop3    -
>
>
I don''t know exactly what you are trying to accomplish here but you
seem to
want to produce these rules:

iptables -A lan_dnat -s 1.1.1.235 -d x.x.x.x -p tcp -m tcp --dport 110 -j 
DNAT --to-
destination 164.77.62.6
iptables -A lan_dnat -s 1.1.1.0/255.255.255.0 -p tcp -m tcp --dport 110 -j 
DNAT --to-
destination y.y.y.y

To do that:

DNAT	lan:1.1.1.235	wan:164.77.62.6	tcp	110	-	x.x.x.x
DNAT	lan:1.1.1.0/24	wan:y.y.y.y

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Shorewall users - May 2003 - dnat rules problem

[Shorewall-users] dnat rules problem

[Shorewall-users] dnat rules problem

[Shorewall-users] dnat rules problem

[Shorewall-users] dnat rules problem