Hi All

I have had a look through the documentation but I can't see how to do this.

I want to set up DNAT for an incoming connection. The connection must be forwarded to a server on a masqueraded server behind the firewall. The tricky part is I need to forward to a different port to the one that the request arrived on.

I can do this:

    firewall.public.ip:5800 -> masqueraded.server.ip:5800

by putting this into "rules"

    #ACTION  SRC  DEST              PROTO  DEST  SOURCE   ORIGINAL
    #                                      PORT  PORT(S)  DEST
    DNAT     net  loc:192.168.40.9  tcp    5800

But how do I forward this?

ie:

    firewall.public.ip:100 -> masqueraded.server.ip:101

I have previously set this up under "ipchains" kernels using ipmasqadm via the following command.

    ipmasqadm portfw -a -P tcp -L $IPLOCAL 5801 -R 192.168.1.51 5800

I know it must be in the documentation somewhere, I just can't find it ...

Thanks

Ian

On Tuesday, 3 August 2004 13:25, Ian Forbes wrote:

I think I have found the answer to my own question

> I can do this:
>
>     firewall.public.ip:5800 -> masqueraded.server.ip:5800
>
> by putting this into "rules"
>
>     #ACTION  SRC  DEST              PROTO  DEST  SOURCE   ORIGINAL
>     #                                      PORT  PORT(S)  DEST
>     DNAT     net  loc:192.168.40.9  tcp    5800
>
> But how do I forward this?
>
> ie: firewall.public.ip:100 -> masqueraded.server.ip:101

    DNAT     net  loc:192.168.40.9:5800  tcp  5801

appears to do it.

> I know it must be in the documentation somewhere, I just can't
> find it ...

From http://shorewall.net/Documentation.htm#Rules

<quote>
DEST

Describes the destination host(s) to which the rule applies. May take most of the forms described above for SOURCE plus the following two additional forms:

An IP address followed by a colon and the port number that the server is listening on (service names from /etc/services are not allowed - example loc:192.168.1.3:80).
</quote>

Regards

Ian

Ian Forbes wrote:
> On Tuesday, 3 August 2004 13:25, Ian Forbes wrote:
>
> I think I have found the answer to my own question
>
> From http://shorewall.net/Documentation.htm#Rules
>

This information is also available in FAQ 1c.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
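
An added example, not part of the original thread and not Shorewall's own code: it parses the two DNAT rule forms discussed above and prints a rough plain-iptables equivalent, which shows that the accept rule has to match the server's port because filtering happens after the destination is rewritten. The function names, the interface name eth0 and the use of the built-in PREROUTING and FORWARD chains are assumptions; Shorewall generates its own chains.

```python
# Constructed sample lines in Shorewall "rules" format, taken from the thread.
SAMPLE_RULES = [
    "DNAT net loc:192.168.40.9 tcp 5800",        # same port on both sides
    "DNAT net loc:192.168.40.9:5800 tcp 5801",   # public 5801 -> server 5800
]

def parse_dnat_rule(line):
    """Split one DNAT line (ACTION SRC DEST PROTO DEST-PORT) into its parts."""
    fields = line.split("#", 1)[0].split()       # drop any trailing comment
    if len(fields) < 5 or fields[0] != "DNAT":
        raise ValueError("expected: DNAT SRC DEST PROTO DEST-PORT")
    _, src_zone, dest, proto, public_port = fields[:5]
    parts = dest.split(":")
    if len(parts) not in (2, 3):
        raise ValueError("DEST must be zone:ip or zone:ip:port")
    # Without a third part the server listens on the port the request arrived on.
    server_port = parts[2] if len(parts) == 3 else public_port
    if not (public_port.isdigit() and server_port.isdigit()):
        raise ValueError("only single numeric ports are handled here")
    return {"src_zone": src_zone, "dest_zone": parts[0], "ip": parts[1],
            "proto": proto, "public_port": public_port,
            "server_port": server_port}

def iptables_equivalent(rule, ext_if="eth0"):
    """Rough plain-iptables equivalent; ext_if is an assumed interface name."""
    values = dict(rule, ext_if=ext_if)
    nat = ("iptables -t nat -A PREROUTING -i {ext_if} -p {proto} "
           "--dport {public_port} -j DNAT "
           "--to-destination {ip}:{server_port}").format(**values)
    # The filter table sees the packet after DNAT, so it matches server_port.
    fwd = ("iptables -A FORWARD -i {ext_if} -p {proto} -d {ip} "
           "--dport {server_port} -j ACCEPT").format(**values)
    return [nat, fwd]

if __name__ == "__main__":
    for line in SAMPLE_RULES:
        print(line)
        for cmd in iptables_equivalent(parse_dnat_rule(line)):
            print("   ", cmd)
```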