Shorewall users - Sep 2006 - dnat question

hi,

I want to redirect all data from port 80 to my server. In iptables it 
works, but how can I do in shorewall:

iptables -t nat -I PREROUTING -s 192.168.1.2 -p tcp --port 80 -j DNAT 
--to 1.2.3.4:81

I tried lot of DNAT code from the faq, but noones work.

thanks.

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

Hi,

This is how it should work:

/etc/shorewall/rules
DNAT net loc:1.2.3.4 tcp 81 80

This line in rules DNATs www (port 80) traffic from internet to internal
machine 1.2.3.4 (port 81). After protocol (tcp) there is two parameters
destination port and source port. I''m using shorewall and ubuntu
server.

-Ville-

> hi,
>
> I want to redirect all data from port 80 to my server. In iptables it
> works, but how can I do in shorewall:
>
> iptables -t nat -I PREROUTING -s 192.168.1.2 -p tcp --port 80 -j DNAT
> --to 1.2.3.4:81
>
> I tried lot of DNAT code from the faq, but noones work.
>
> thanks.
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net''s Techsay panel and you''ll get the
chance to share
> your
> opinions on IT & business topics through brief surveys -- and earn cash
>
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

What you write is a port forward, but I want to do opposite thing
If the user write the shorewall.net url to the browser, I want to 
redirect to my homepage. So the traffic line: 192.168.1.2 -> 1.2.3.4:81 
(this is a public ip on the internet)

Ville Virtanen írta:
> Hi,
>
> This is how it should work:
>
> /etc/shorewall/rules
> DNAT net loc:1.2.3.4 tcp 81 80
>
> This line in rules DNATs www (port 80) traffic from internet to internal
> machine 1.2.3.4 (port 81). After protocol (tcp) there is two parameters
> destination port and source port. I''m using shorewall and ubuntu
server.
>
> -Ville-
>
>
>   
>> hi,
>>
>> I want to redirect all data from port 80 to my server. In iptables it
>> works, but how can I do in shorewall:
>>
>> iptables -t nat -I PREROUTING -s 192.168.1.2 -p tcp --port 80 -j DNAT
>> --to 1.2.3.4:81
>>
>> I tried lot of DNAT code from the faq, but noones work.
>>
>> thanks.
>>
>>     

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

You can use REDIRECT

2006/9/25, Kiss Gábor <bobek_@freemail.hu>:
>
> What you write is a port forward, but I want to do opposite thing
> If the user write the shorewall.net url to the browser, I want to
> redirect to my homepage. So the traffic line: 192.168.1.2 -> 1.2.3.4:81
> (this is a public ip on the internet)
>
> Ville Virtanen írta:
> > Hi,
> >
> > This is how it should work:
> >
> > /etc/shorewall/rules
> > DNAT net loc:1.2.3.4 tcp 81 80
> >
> > This line in rules DNATs www (port 80) traffic from internet to
internal
> > machine 1.2.3.4 (port 81). After protocol (tcp) there is two
parameters
> > destination port and source port. I''m using shorewall and
ubuntu server.
> >
> > -Ville-
> >
> >
> >
> >> hi,
> >>
> >> I want to redirect all data from port 80 to my server. In iptables
it
> >> works, but how can I do in shorewall:
> >>
> >> iptables -t nat -I PREROUTING -s 192.168.1.2 -p tcp --port 80 -j
DNAT
> >> --to 1.2.3.4:81
> >>
> >> I tried lot of DNAT code from the faq, but noones work.
> >>
> >> thanks.
> >>
> >>
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net''s Techsay panel and you''ll get the
chance to share
> your
> opinions on IT & business topics through brief surveys -- and earn cash
>
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

You need proxy redirection

http://shorewall.net/Shorewall_Squid_Usage.html

However the use cases there do not cover what you want exactly.

http://www.linux.com/howtos/TransparentProxy-6.shtml
Transparent proxy to a remote box (first example), does what you want.

Basically,
a) DNAT (to push the request to your external box) +
b) Connection tracking (to remember the connection)+
c) SNAT (to make your external box reply to the correct address).

Hope that helps,
Prasanna.

On 9/25/06, Kiss Gábor <bobek_@freemail.hu> wrote:
> What you write is a port forward, but I want to do opposite thing
> If the user write the shorewall.net url to the browser, I want to
> redirect to my homepage. So the traffic line: 192.168.1.2 -> 1.2.3.4:81
> (this is a public ip on the internet)
>
> Ville Virtanen írta:
> > Hi,
> >
> > This is how it should work:
> >
> > /etc/shorewall/rules
> > DNAT net loc:1.2.3.4 tcp 81 80
> >
> > This line in rules DNATs www (port 80) traffic from internet to
internal
> > machine 1.2.3.4 (port 81). After protocol (tcp) there is two
parameters
> > destination port and source port. I''m using shorewall and
ubuntu server.
> >
> > -Ville-
> >
> >
> >
> >> hi,
> >>
> >> I want to redirect all data from port 80 to my server. In iptables
it
> >> works, but how can I do in shorewall:
> >>
> >> iptables -t nat -I PREROUTING -s 192.168.1.2 -p tcp --port 80 -j
DNAT
> >> --to 1.2.3.4:81
> >>
> >> I tried lot of DNAT code from the faq, but noones work.
> >>
> >> thanks.
> >>
> >>
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net''s Techsay panel and you''ll get the
chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
>
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

It works in half part,
REDIRECT   loc:192.168.1.2   81   tcp   80
but where can I add to this the IP where I want to redirect ? If I write 
it to before the 80 (1.2.3.4:80) or before to the 81 (1.2.3.4:81) I get 
error.


Rado Ramarotafika írta:
> You can use REDIRECT
>
> 2006/9/25, Kiss Gábor <bobek_@freemail.hu
<mailto:bobek_@freemail.hu>>:
>
>     What you write is a port forward, but I want to do opposite thing
>     If the user write the shorewall.net <http://shorewall.net> url to
>     the browser, I want to
>     redirect to my homepage. So the traffic line: 192.168.1.2
>     <http://192.168.1.2> -> 1.2.3.4:81 <http://1.2.3.4:81>
>     (this is a public ip on the internet)
>
>     Ville Virtanen írta:
>     > Hi,
>     >
>     > This is how it should work:
>     >
>     > /etc/shorewall/rules
>     > DNAT net loc:1.2.3.4 <http://1.2.3.4> tcp 81 80
>     >
>     > This line in rules DNATs www (port 80) traffic from internet to
>     internal
>     > machine 1.2.3.4 <http://1.2.3.4> (port 81). After protocol
(tcp)
>     there is two parameters
>     > destination port and source port. I''m using shorewall and
ubuntu
>     server.
>     >
>     > -Ville-
>     >
>     >
>     >
>     >> hi,
>     >>
>     >> I want to redirect all data from port 80 to my server. In
>     iptables it
>     >> works, but how can I do in shorewall:
>     >>
>     >> iptables -t nat -I PREROUTING -s 192.168.1.2
>     <http://192.168.1.2> -p tcp --port 80 -j DNAT
>     >> --to 1.2.3.4:81 <http://1.2.3.4:81>
>     >>
>     >> I tried lot of DNAT code from the faq, but noones work.
>     >>
>     >> thanks.
>     >>
>

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

Kiss Gábor wrote:
> It works in half part,
> REDIRECT   loc:192.168.1.2   81   tcp   80
> but where can I add to this the IP where I want to redirect ? If I write 
> it to before the 80 (1.2.3.4:80) or before to the 81 (1.2.3.4:81) I get 
> error.
REDIRECT only works when you want to redirect to a server running on the
Shorewall box. It sounds like you want to redirect to a server on a
remote system on the net --

DNAT	loc:192.168.1.2	net:<ip of server>:81	tcp	80

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV