Hi all,

I need to create following rule (described):

All connections from any zone going to server 80.1.1.1 on port 210 in zone DMZ should be redirected to that same IP in same zone but on port 200.

So basically for all zones I want to redirect requests for port on server to different port on same server. None of the examples I found in documentation, FAQ or mailing list cover this particular situation, and I am not too familiar with DNAT or REDIRECT actions so rules I have created so far do not work.

Can someone please write me rule for this? Most logical for me was:

ACTION: DNAT
SOURCE: all
DEST: DMZ:80.1.1.1:210
PROTO: tcp
DEST PORT: 100
SOURCE PORT: -
ORIGINAL DEST: 80.1.1.1

... but it doesn't work.

Thanks, regards
Ivica Glavocic

Ivica Glavocic wrote:
> All connections from any zone going to server 80.1.1.1 on port 210 in zone
> DMZ should be redirected to that same IP in same zone but on port 200
>
> Can someone please write me rule for this? Most logical for me was:
>
> ACTION: DNAT
> SOURCE: all
> DEST: DMZ:80.1.1.1:210
> PROTO: tcp
> DEST PORT: 100
> SOURCE PORT: -
> ORIGINAL DEST: 80.1.1.1
>
> ... but it doesn't work.

What you have just described would redirect all connections to 80.1.1.1:100 to 80.1.1.1:210.

I don't know why you had 100 in the DEST PORT column since your problem statement said port 200. But to do what you *say* you want, the rule is:

DNAT all DMZ:80.1.1.1:200 tcp 210 - 80.1.1.1

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Ivica Glavocic" <ivica.glavocic@laserline.hr>; "Shorewall Users" <shorewall-users@lists.sourceforge.net>
Sent: Thursday, January 25, 2007 5:11 PM
Subject: Re: [Shorewall-users] Redirecting to different port on same IP

>What you have just described would redirect all connections to 80.1.1.1:100
>to 80.1.1.1:210.
>
>I don't know why you had 100 in the DEST PORT column since your problem
>statement said port 200. But to do what you *say* you want, the rule is:
>DNAT all DMZ:80.1.1.1:200 tcp 210 - 80.1.1.1

Thanks Bryan and Tom for quick reply, port 100 was there by mistake, 210 should be redirected to 200. So my rule was using reverse logic, your rule works.

Regards
Ivica
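
The column semantics this thread turns on, as an added example that is not part of any message above and is not Shorewall code: a small Python model that reads a DNAT rule in the seven-column layout used here and reports which destination is matched and where it is rewritten to. The names `parse_dnat` and `rewrite` are hypothetical, and the parser assumes only the simple form seen in the thread (one port, `ZONE:IP:PORT` in DEST).

```python
# Added illustration: models the DNAT rule columns discussed in the thread.
# Function and class names are hypothetical, not part of Shorewall.
from typing import NamedTuple, Tuple

COLUMNS = ("action", "source", "dest", "proto",
           "dest_port", "source_port", "original_dest")

class DnatRule(NamedTuple):
    source_zone: str
    proto: str
    matched_ip: str    # ORIGINAL DEST: address the client connected to
    matched_port: int  # DEST PORT: port the client connected to
    target_zone: str   # DEST: zone, address and port the connection
    target_ip: str     #       is rewritten to
    target_port: int

def parse_dnat(line: str) -> DnatRule:
    fields = line.split()
    if len(fields) != len(COLUMNS):
        raise ValueError(f"expected {len(COLUMNS)} columns, got {len(fields)}")
    rule = dict(zip(COLUMNS, fields))
    if rule["action"] != "DNAT":
        raise ValueError("not a DNAT rule")
    parts = rule["dest"].split(":")
    if len(parts) != 3:
        raise ValueError("this simplified parser needs DEST as ZONE:IP:PORT")
    zone, ip, port = parts
    return DnatRule(rule["source"], rule["proto"], rule["original_dest"],
                    int(rule["dest_port"]), zone, ip, int(port))

def rewrite(rule: DnatRule, proto: str, ip: str, port: int) -> Tuple[str, int]:
    """Return the (ip, port) a connection ends up at under this one rule."""
    if (proto, ip, port) == (rule.proto, rule.matched_ip, rule.matched_port):
        return (rule.target_ip, rule.target_port)
    return (ip, port)  # rule does not match, destination is unchanged

# Rule lines taken from the thread: the first attempt and the working rule.
FIRST_ATTEMPT = "DNAT all DMZ:80.1.1.1:210 tcp 100 - 80.1.1.1"
WORKING_RULE = "DNAT all DMZ:80.1.1.1:200 tcp 210 - 80.1.1.1"

if __name__ == "__main__":
    for label, line in (("first attempt", FIRST_ATTEMPT),
                        ("working rule", WORKING_RULE)):
        r = parse_dnat(line)
        print(f"{label}: {r.matched_ip}:{r.matched_port} -> "
              f"{r.target_ip}:{r.target_port}; a client hitting port 210 "
              f"lands on {rewrite(r, 'tcp', '80.1.1.1', 210)}")
```
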