Lars Erik Dangvard Jensen
2008-Mar-12 23:28 UTC
Redirect port on a public IP to another external public IP
Hello list I would like to redirect port 80 on MYOWNPUBIP to imap.gmail.com port 993 (66.249.93.111) because a friend of mine has a strange mobile network in Equador. I''ve tried this: ACCEPT inet1 inet1:66.249.93.111 tcp 80,993 DNAT inet1 inet1:66.249.93.111:993 tcp 80 - MYOWNPUBIP MYOWNPUBIP is in the zone dmz2. I''ve tried various configurations, but I can''t seem to hit the right configuration. I''m running shorewall 4.0.4 Thanks. Lars ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Tom Eastep
2008-Mar-13 00:06 UTC
Re: Redirect port on a public IP to another external public IP
Lars Erik Dangvard Jensen wrote:> I would like to redirect port 80 on MYOWNPUBIP to imap.gmail.com port > 993 (66.249.93.111) because a friend of mine has a strange mobile > network in Equador. > > I''ve tried this: > > ACCEPT inet1 inet1:66.249.93.111 tcp 80,993 > DNAT inet1 inet1:66.249.93.111:993 tcp 80 - > MYOWNPUBIP > > MYOWNPUBIP is in the zone dmz2. I''ve tried various configurations, but > I can''t seem to hit the right configuration. > > I''m running shorewall 4.0.4This comes up occasionally so I''ve added it to the FAQ: http://www1.shorewall.net/FAQ.htm#faq1g -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Andrew Suffield
2008-Mar-13 00:32 UTC
Re: Redirect port on a public IP to another external public IP
On Wed, Mar 12, 2008 at 05:06:54PM -0700, Tom Eastep wrote:>> I would like to redirect port 80 on MYOWNPUBIP to imap.gmail.com port >> 993 (66.249.93.111) because a friend of mine has a strange mobile >> network in Equador. > > This comes up occasionally so I''ve added it to the FAQ: > > http://www1.shorewall.net/FAQ.htm#faq1gAnd it is, of course, indicative of fundamental braindamage somewhere. Given full control over all involved hosts, you *never* need to do this; that''s built in to the design of the internet. It''ll only be necessary when somebody has misconfigured something and you can''t get it fixed. For those people who think they need this but have control over all the hosts involved, you should probably be looking at doing something with DNS instead (much like FAQ 2). Might be worth adding that to this new entry. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/