Is it possible to set up a port forward with one interface?

I want to redirect requests on port 25 to another computer. I have defined one single zone according to the one-interface.tgz and my rule is:

    DNAT net net:194.206.222.235 tcp 25

And in my log I can see shorewall:FORWARD:REJECT ...

On Fri, 6 Jun 2003 12:16:43 +0200, Antoine Noal <anoal@polychrome-intermedia.com> wrote:

> Is it possible to set up a port forward with one interface ?
> I want to redirect request on port 25 to another computer. I have defined
> one single zone according the one-interface.tgz and my rule is :
> DNAT net net:194.206.222.235 tcp 25
>
> And in my log i can see shorewall:FORWARD:REJECT ...

FAQ #2 shows you how to do that. Be aware that all forwarded traffic will look like it is coming from your system rather than from the original client.

Given that you are getting rejections in the FORWARD chain though, you have a more basic problem. See FAQ #17.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

On Fri, 06 Jun 2003 06:06:43 -0700, Tom Eastep <teastep@shorewall.net> wrote:

> FAQ #2 shows you how to do that. Be aware that all forwarded traffic will
> look like it is coming from your system rather than from the original
> client.

I should add that FAQ #2 shows you how to do DNAT from the loc zone to the loc zone -- given that Shorewall attaches no meaning to the names of zones, the technique for DNAT from the net zone to the net zone is exactly the same.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
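
The address rewriting discussed in this thread, as an added example that is not part of the original messages and is not Shorewall code: a toy Python model of a connection forwarded back out the same interface, with and without source rewriting on the firewall. The firewall and client addresses are constructed, and the model assumes the target host routes its replies directly to the client rather than through the firewall.

```python
from dataclasses import dataclass, replace

FIREWALL = "192.0.2.1"      # constructed: address of the one-interface firewall
CLIENT = "198.51.100.7"     # constructed: remote SMTP client
TARGET = "194.206.222.235"  # from the thread: host receiving the port 25 traffic


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def firewall_forward(pkt: Packet, snat: bool) -> Packet:
    """DNAT the destination; with snat=True also rewrite the source."""
    out = replace(pkt, dst=TARGET)
    return replace(out, src=FIREWALL) if snat else out


def reply_seen_by_client(seen_by_target: Packet) -> Packet:
    """Follow the target's reply back to the client."""
    reply = Packet(src=TARGET, dst=seen_by_target.src)
    if reply.dst == FIREWALL:
        # Reply returns to the firewall, whose connection tracking undoes
        # both translations before the packet goes back out the interface.
        return Packet(src=FIREWALL, dst=CLIENT)
    # Assumption: the target routes straight to the client, bypassing the
    # firewall, so nothing restores the address the client connected to.
    return reply


def simulate(snat: bool) -> dict:
    syn = Packet(src=CLIENT, dst=FIREWALL)  # client connects to firewall:25
    seen = firewall_forward(syn, snat)
    reply = reply_seen_by_client(seen)
    return {
        "source_seen_by_target": seen.src,
        "reply_source_seen_by_client": reply.src,
        # The client only accepts replies from the address it connected to.
        "connection_works": reply.src == syn.dst and reply.dst == syn.src,
    }


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "DNAT only", simulate(snat))
```

With source rewriting the connection completes, but the target's SMTP logs and any IP-based relay or blocklist checks see the firewall's address for every forwarded client.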