Hi shorewall users, i use shorewall 1.4.8 (i know, this is an old release, but this is on a livecd-firewall and i cannot update this immediate). Now, i must forward rdesktop to an internal server (yeah, i know ;)) and i''ll allow portforwarding for an outside IP only. Global config for portworward from anywhere to rdesktop is as follows: DNAT outside inside:$GATE:3389 tcp 3389 - 1.2.3.4 But how to restrict this to an outsite IP only? Thanks in advance Tobias -- Highspeed-Freiheit. Bei GMX supergnstig, z.B. GMX DSL_Cityflat, DSL-Flatrate fr nur 4,99 Euro/Monat* http://www.gmx.net/de/go/dsl ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache''s Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
Tobias wrote on 08/11/2005 18:26:05:> Hi shorewall users, > > i use shorewall 1.4.8 (i know, this is an old release, but this is > on a livecd-firewall and i cannot update this immediate). > Now, i must forward rdesktop to an internal server (yeah, i know ;)) > and i''ll allow portforwarding for an outside IP only. > Global config for portworward from anywhere to rdesktop is as follows: > > DNAT outside inside:$GATE:3389 tcp 3389 - 1.2.3.4 > > But how to restrict this to an outsite IP only?I think that you should use DNAT outside:ip-of-outside-server inside:$GATE:3389 tcp 3389 - 1.2.3.4 hope it helps, -- Eduardo Ferreira
On Tuesday 08 November 2005 12:26, Tobias wrote:> Hi shorewall users, > > i use shorewall 1.4.8 (i know, this is an old release, but this is > on a livecd-firewall and i cannot update this immediate). > Now, i must forward rdesktop to an internal server (yeah, i know ;)) > and i''ll allow portforwarding for an outside IP only. > Global config for portworward from anywhere to rdesktop is as follows: > > DNAT outside inside:$GATE:3389 tcp 3389 - 1.2.3.4 > > But how to restrict this to an outsite IP only?This is Shorewall FAQ 24. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key