Lars Erik Dangvard Jensen
2008-Jan-04 15:57 UTC
Redirecting port 2525 to 25 when using proxy arp
Hello list/Tom :)

I'm using proxy arp and want to redirect port 2525 to port 25 to avoid some ISPs who have port 25 closed for users.

I've been looking at this example from man pages:

Example 4: Redirect all locally-originating www connection requests to port 3128 on the firewall (Squid running on the firewall system) except when the destination address is 192.168.2.2

    #ACTION   SOURCE  DEST  PROTO  DEST  SOURCE   ORIGINAL
    #                              PORT  PORT(S)  DEST
    REDIRECT  loc     3128  tcp    www   -        !192.168.2.2

Is it possible to redirect a port on a public IP (proxy arp) to another port on the same public IP (proxy arp)? And if possible what is the syntax for this?

I've tried this:

    REDIRECT inet inet:25 tcp 2525

Or is it possible to DNAT to a public IP from the public IP itself?

    DNAT inet1:PUBIP inet1:PUBIP:25 tcp 2525 - PUBIP

Thanks.
/Lars
Lars Erik Dangvard Jensen wrote:
>
> Or is it possible to DNAT to a public IP from the public IP itself?
>
> DNAT inet1:PUBIP inet1:PUBIP:25 tcp 2525 - PUBIP
>

Yes. But assuming that the Proxy arp'd system with 'PUBIP' is in a local zone (say 'DMZ'), the rule would be:

    DNAT inet1 DMZ:PUBIP:25 tcp 2525 - PUBIP

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
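The two rules from this thread run through a small lint, as an added example that is not part of either poster's message or of Shorewall itself: it splits a rules-file line into the columns shown in the quoted man-page header and flags the two things the corrected rule changes. The function names and both checks are heuristics assumed for illustration, IPv4 or hostname targets are assumed, and PUBIP is the thread's own placeholder.

```python
# Added example: lint Shorewall DNAT rules for the two changes made in this thread.
# Column order follows the man-page header quoted in the question:
# ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT ORIGINAL-DEST
COLUMNS = ("action", "source", "dest", "proto", "dport", "sport", "origdest")


def parse_rule(line):
    """Split one rules-file line into named columns; None for blanks/comments."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    fields = line.split()
    fields += ["-"] * (len(COLUMNS) - len(fields))  # omitted trailing columns
    return dict(zip(COLUMNS, fields))


def split_target(spec):
    """'zone[:address[:port]]' -> (zone, address, port); IPv4/hostnames only."""
    parts = spec.split(":", 2) + [None, None]
    return parts[0], parts[1], parts[2]


def lint_dnat(line):
    """Return warnings for a DNAT rule (heuristics, not Shorewall's own checks)."""
    rule = parse_rule(line)
    if rule is None or not rule["action"].upper().startswith("DNAT"):
        return []
    warnings = []
    src_zone, src_addr, _ = split_target(rule["source"])
    dst_zone, _, _ = split_target(rule["dest"])
    # SOURCE zone:address restricts the rule to connections from that one host.
    if src_addr and src_addr == rule["origdest"]:
        warnings.append("SOURCE is limited to the ORIGINAL DEST address; "
                        "only traffic from that host itself would match")
    # The server normally sits in its own zone (the reply assumes 'DMZ').
    if dst_zone == src_zone:
        warnings.append("DEST zone equals SOURCE zone; "
                        "use the zone the server is actually in")
    return warnings


# The two rules from the thread, with PUBIP kept as the thread's placeholder.
ATTEMPT = "DNAT inet1:PUBIP inet1:PUBIP:25 tcp 2525 - PUBIP"
CORRECTED = "DNAT inet1 DMZ:PUBIP:25 tcp 2525 - PUBIP"

if __name__ == "__main__":
    for rule in (ATTEMPT, CORRECTED):
        print(rule, "->", lint_dnat(rule) or "ok")
```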
Lars Erik Dangvard Jensen
2008-Jan-04 16:14 UTC
Re: Redirecting port 2525 to 25 when using proxy arp
Hello Tom

Thanks, it works like a charm :)

On 04/01/2008 at 17:02, Tom Eastep wrote:
> Lars Erik Dangvard Jensen wrote:
>
>>
>> Or is it possible to DNAT to a public IP from the public IP itself?
>>
>> DNAT inet1:PUBIP inet1:PUBIP:25 tcp 2525 - PUBIP
>>
>
> Yes. But assuming that the Proxy arp'd system with 'PUBIP' is in a
> local zone (say 'DMZ'), the rule would be:
>
> DNAT inet1 DMZ:PUBIP:25 tcp 2525 - PUBIP
>
> -Tom