Hello all,

I'm using Shorewall 2.2.1 on CentOS 4. I'm a newbie with Shorewall, just testing it. I created a DNAT rule like this:

#ACTION  SOURCE  DEST             PROTO  DEST  SOURCE   ORIGINAL         RATE   USER/
#                                        PORT  PORT(S)  DEST             LIMIT  GROUP
DNAT     net     loc:192.168.1.2  tcp    25    -        200.200.200.250

When I list the NAT rules with iptables I get this:

Chain eth1_in (1 references)
 pkts bytes target prot opt in out source     destination
    0     0 DNAT   all  --  *  *   0.0.0.0/0  200.200.200.250 to:192.168.1.2

Chain net_dnat (1 references)
 pkts bytes target prot opt in out source     destination
    0     0 DNAT   tcp  --  *  *   0.0.0.0/0  200.200.200.250 tcp dpt:25 to:192.168.1.2

Well, the correct rule is the one in the net_dnat chain!! Why is Shorewall creating the rule in the eth1_in chain? I don't want ALL packets that reach 200.150.247.250 to be redirected to 192.168.1.2, just the SMTP traffic!!! The rest are OK.

Could anyone help me?

Thanks
Marcello

Marcello Mezzanotti wrote:

> Well, the correct rule is the one in the net_dnat chain!!
> Why is Shorewall creating the rule in the eth1_in chain?

I'm guessing that you have an entry in /etc/shorewall/nat that is creating that rule.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom,

Thanks, you are correct, but, reading the docs, when I want one-to-one NAT I use nat and not masq!! So I did it!!
Put MASQ rules on masq and SNAT rules on nat.
I did what you told me, so I removed the entries on nat and put those ones on masq; now it's OK.

I believe I didn't understand it right 'cause my native language is Portuguese :)

Thanks again
Marcellos

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep
Sent: Wednesday, March 02, 2005 5:46 PM
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] duplicated dnat entries

Marcello Mezzanotti wrote:

> Well, the correct rule is the one in the net_dnat chain!!
> Why is Shorewall creating the rule in the eth1_in chain?

I'm guessing that you have an entry in /etc/shorewall/nat that is creating that rule.

-Tom

Marcello Mezzanotti wrote:

> Thanks, you are correct, but, reading the docs, when I want
> one-to-one NAT I use nat and not masq!! So I did it!!
> Put MASQ rules on masq and SNAT rules on nat.
> I did what you told me, so I removed the entries on nat and put those
> ones on masq; now it's OK.
>
> I believe I didn't understand it right 'cause my native language is
> Portuguese :)
>

There was a project in Brazil to translate some of the documentation into Portuguese but I don't know what became of it.

-Tom
--
Tom Eastep    \ Off-list replies are cheerfully ignored
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
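
Added example, not part of the original thread and not Shorewall code: a small audit that reads an `iptables -t nat -L -n -v` listing and reports any all-protocol DNAT rule that sits alongside a port-specific DNAT rule for the same address, which is the symptom described in the first message. The function names are hypothetical, the sample is reconstructed from the listing quoted in the thread, and the column layout is assumed to match that listing.

```python
import re

# Constructed sample: the `iptables -t nat -L -n -v` listing quoted in the thread.
SAMPLE = """\
Chain eth1_in (1 references)
 pkts bytes target prot opt in out source destination
    0     0 DNAT all -- * * 0.0.0.0/0 200.200.200.250 to:192.168.1.2

Chain net_dnat (1 references)
 pkts bytes target prot opt in out source destination
    0     0 DNAT tcp -- * * 0.0.0.0/0 200.200.200.250 tcp dpt:25 to:192.168.1.2
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
# pkts, bytes, DNAT, prot, then opt/in/out/source (4 tokens), destination, match text
RULE_RE = re.compile(r"^\s*\S+\s+\S+\s+DNAT\s+(?P<prot>\S+)(?:\s+\S+){4}"
                     r"\s+(?P<dst>\S+)\s+(?P<rest>.*)$")

def parse_dnat(listing):
    """Return one dict per DNAT rule: chain, prot, dst, dport (or None), to."""
    rules, chain = [], None
    for line in listing.splitlines():
        chain_m = CHAIN_RE.match(line)
        if chain_m:
            chain = chain_m.group(1)
        rule_m = RULE_RE.match(line)
        if not rule_m:
            continue  # chain headers, column headers, blank lines, other targets
        to = re.search(r"\bto:(\S+)", rule_m.group("rest"))
        dport = re.search(r"\bdpts?:(\S+)", rule_m.group("rest"))
        rules.append({"chain": chain, "prot": rule_m.group("prot"),
                      "dst": rule_m.group("dst"),
                      "dport": dport.group(1) if dport else None,
                      "to": to.group(1) if to else None})
    return rules

def overbroad_dnat(rules):
    """Pair each all-protocol DNAT with port-specific DNATs for the same address."""
    findings = []
    for wide in rules:
        if wide["prot"] != "all" or wide["dport"]:
            continue
        narrow = [r for r in rules
                  if r is not wide and r["dst"] == wide["dst"] and r["dport"]]
        if narrow:
            findings.append((wide, narrow))
    return findings

if __name__ == "__main__":
    for wide, narrow in overbroad_dnat(parse_dnat(SAMPLE)):
        print(f"{wide['chain']}: all protocols to {wide['dst']} -> {wide['to']}")
```

A finding here means the host behind the address is reachable on every port the rest of the policy allows, not only on the port named in the DNAT rule.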