hello

how can i only nat specific ports?

80,110,....

greets puchu

Can you just block all outbound traffic but ports 80, 110?

----- Original Message -----
From: "Rauch Wolke" <rauchwolke@gmx.net>
To: <shorewall-users@lists.shorewall.net>
Sent: Friday, April 29, 2005 8:55 AM
Subject: [Shorewall-users] nat specific ports

> hello
>
> how can i only nat specific ports?
>
> 80,110,....
>
> greets puchu

Hi,

You should be able to achieve this using the "rules" file after you have added an entry in the "nat" file.

Ex:
    ACCEPT/DNAT/SNAT <Zone1> <Zone2> tcp <ports>

Sushesh

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Rauch Wolke
Sent: Friday, April 29, 2005 8:55 AM
To: shorewall-users@lists.shorewall.net
Subject: [Shorewall-users] nat specific ports

hello

how can i only nat specific ports?

80,110,....

greets puchu

Rauch Wolke wrote:
> hello
>
> how can i only nat specific ports?
>
> 80,110,....

What type of NAT? SNAT? DNAT? And why do you ask?

If you are thinking that you will only SNAT certain outgoing ports as a security measure, that's the wrong way to attack the problem. You should rather set your loc->net policy to REJECT then ACCEPT that traffic that you wish to allow outbound. Your SNAT/MASQUERADE rules should NOT be port/protocol specific in that case.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
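
The policy-based approach from the last reply, written out as Shorewall configuration files next to the port-specific masq entry it advises against. This is an added example, not part of the original thread; the interface names (eth0 external, eth1 internal), the 192.168.1.0/24 subnet, the log levels and the DNS rules are assumptions.

```conf
# Added example. Assumed layout: eth0 = net zone, eth1 = loc zone,
# local subnet 192.168.1.0/24.

# --- /etc/shorewall/masq : port-specific entry (advised against) ----------
# NAT is not a filter. This entry only decides which connections get their
# source address rewritten; whether anything else is forwarded is still
# decided by the policy and rules files, so it gives no outbound control.
#INTERFACE   SUBNET            ADDRESS   PROTO   PORT(S)
#eth0        192.168.1.0/24    -         tcp     80,110

# --- /etc/shorewall/masq : as advised, no protocol or port columns --------
#INTERFACE   SUBNET
eth0         192.168.1.0/24

# --- /etc/shorewall/policy : default-deny from loc to net -----------------
#SOURCE   DEST   POLICY   LOG LEVEL
loc       net    REJECT   info
net       all    DROP     info
all       all    REJECT   info

# --- /etc/shorewall/rules : the only outbound traffic that is allowed -----
#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
ACCEPT    loc      net    tcp     80,110
# Assumption: clients resolve names through servers in the net zone.
# Without these rules the REJECT policy also blocks their DNS lookups.
ACCEPT    loc      net    udp     53
ACCEPT    loc      net    tcp     53
```

Running `shorewall check` before `shorewall restart` validates the files without touching the running ruleset.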