Pieter Ennes wrote:
> Hi all,
>
> I'm trying to redirect something like http://www.domain.com:30000/ to
> port 80 on the local firewall with a REDIRECT rule:
>
> REDIRECT net 80 tcp 30000
>
> It's working fine, but when I add the rule, it not only allows me to
> connect to port 30000 like expected, but also directly to port 80. Where
> am I going wrong?

You're not going wrong.

> How to allow traffic from net to port 30000, while
> rejecting on port 80?

Netfilter lacks the ability to do this in any nice way that can be
automated in Shorewall. Using /etc/shorewall/start, you will have to
insert a DROP rule for port 80 into the nat table's 'net_dnat' chain to
drop port 80:
run_iptables -t nat -I net_dnat -p tcp --dport 80 -j DROP
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
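
Added example, not part of the original message or of Shorewall: a small shell model of why the DROP has to sit in the nat table's net_dnat chain. The nat table rewrites the destination port before the filter table sees the packet, so a filter rule on port 80 cannot tell redirected traffic from direct traffic. The rule listings are constructed in `iptables -S` style, and the single filter ACCEPT on port 80 is a simplifying assumption.

```shell
#!/bin/sh
# Constructed nat rules in `iptables -S` style; not captured from a real host.
NAT_BEFORE='-A net_dnat -p tcp -m tcp --dport 30000 -j REDIRECT --to-ports 80'
NAT_AFTER='-A net_dnat -p tcp -m tcp --dport 80 -j DROP
-A net_dnat -p tcp -m tcp --dport 30000 -j REDIRECT --to-ports 80'

# Assumption: the filter table accepts net->fw tcp/80 (the port the REDIRECT
# rule opens) and everything else falls through to the zone policy.
FILTER_ACCEPT_PORT=80

# nat_verdict RULES DPORT
# Walks the nat rules in order. Prints DROP, or the destination port the
# packet carries when it leaves the nat table (rewritten or unchanged).
nat_verdict() {
    printf '%s\n' "$1" | awk -v dport="$2" '
        {
            match_port = ""; target = ""; to = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "--dport")    match_port = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") to = $(i + 1)
            }
            if (match_port != dport) next            # rule does not match
            if (target == "DROP")     { print "DROP"; done = 1; exit }
            if (target == "REDIRECT") { print to;     done = 1; exit }
        }
        END { if (!done) print dport }'              # no match: port unchanged
}

# fate RULES DPORT
# Prints DROP (dropped in nat), ACCEPT (filter rule matched the port nat left
# on the packet) or POLICY (no filter rule matched).
fate() {
    port=$(nat_verdict "$1" "$2")
    if [ "$port" = "DROP" ]; then echo DROP
    elif [ "$port" = "$FILTER_ACCEPT_PORT" ]; then echo ACCEPT
    else echo POLICY
    fi
}

for p in 30000 80; do
    echo "REDIRECT only:      dport $p -> $(fate "$NAT_BEFORE" "$p")"
    echo "with DROP inserted: dport $p -> $(fate "$NAT_AFTER" "$p")"
done
```

Later iptables releases reject the DROP target in the nat table, so confirm the rule actually loads on the version in use.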