Hi there.

This should be easy, but not for me:

I want connections on my external IP and port: 93.1.1.1:82 to be forwarded to 10.0.0.248:80. Why isn't that obvious? I have this in rules:

ACCEPT net loc:10.0.0.248 tcp 80
DNAT net:93.1.1.1 loc:10.0.0.248 tcp 80 82

Thanks in advance.

--
Med venlig hilsen/Kind regards

Michael B. Arp Sørensen
Programmer / BOFH

"Ride out and meet them."

If there are multiple IPs on the box:

DNAT net loc:10.0.0.248 tcp 80 - 93.1.1.1

otherwise

DNAT net loc:10.0.0.248 tcp 80

would suffice.
ACCEPT is not needed as DNAT is an implicit accept :)

You are now DNATting packets with source IP/port 93.1.1.1:82 and destination port 80 to 10.0.0.248:80

Regards,
Erik

Michael Bernhard Arp Sørensen wrote:
> Hi there.
>
> This should be easy, but not for me:
>
> I want connections on my external IP and port: 93.1.1.1:82 to be forwarded to 10.0.0.248:80. Why isn't that obvious? I have this in rules:
>
> ACCEPT net loc:10.0.0.248 tcp 80
> DNAT net:93.1.1.1 loc:10.0.0.248 tcp 80 82
>
> Thanks in advance.

Erik Versaevel

Hi, thanks for your reply.

I wonder, in what way does this specify that port 82 needs to be translated to port 80?

I've tried several times with only a DNAT without an ACCEPT. That didn't work.

I have several public IP addresses in use.

/Michael

On Mon, Dec 8, 2008 at 2:42 PM, E. Versaevel <erik@infopact.nl> wrote:
> If there are multiple IPs on the box:
>
> DNAT net loc:10.0.0.248 tcp 80 - 93.1.1.1
> otherwise
> DNAT net loc:10.0.0.248 tcp 80
> would suffice.
> ACCEPT is not needed as DNAT is an implicit accept :)
>
> You are now DNATting packets with source IP/port 93.1.1.1:82 and
> destination port 80 to 10.0.0.248:80
>
> Regards,
> Erik

Michael Bernhard Arp Sørensen wrote:
> DNAT net:93.1.1.1 loc:10.0.0.248 tcp 80 82

Please see Shorewall FAQ 1 and its sub-FAQs (http://www.shorewall.net/FAQ.htm#faq1)

a) You don't want 93.1.1.1 in the SOURCE column -- IT'S NOT THE SOURCE IP ADDRESS!

b) It is the *Original Destination IP address*; it follows that the address should appear in the ORIGINAL DEST column.

c) You have 82 in the SOURCE PORT(S) column SO ONLY CONNECTIONS WITH SOURCE PORT 82 will be forwarded (which means that no connections will be forwarded since no connections will have source port 82). You don't say what you want to use 82 for; you'll have to refer to the FAQ.
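
Added example, not part of the original thread or of Shorewall: a small Python check that splits a rules line into the columns named in the last reply, reports what the rule matches, and flags the two column mistakes discussed. The function names are hypothetical, and the `REMAPPED` rule is an assumption that uses Shorewall's `zone:address:port` form in the DEST column; it was not posted by anyone in the thread.

```python
# Column order of a Shorewall rules entry; "-" leaves a column unused.
COLUMNS = ("action", "source", "dest", "proto",
           "dest_ports", "source_ports", "original_dest")

def parse_rule(line):
    """Split one rules line into named columns (unused or '-' -> None)."""
    fields = line.split("#", 1)[0].split()
    fields += ["-"] * (len(COLUMNS) - len(fields))
    return {n: (None if v == "-" else v) for n, v in zip(COLUMNS, fields)}

def split_spec(spec):
    """'loc:10.0.0.248:80' -> ('loc', '10.0.0.248', '80'); IPv4 only."""
    return tuple((spec.split(":") + [None, None])[:3])

def effect(rule):
    """What the rule matches and where matching connections are sent."""
    _, client_ip, _ = split_spec(rule["source"])
    _, server_ip, server_port = split_spec(rule["dest"])
    return {
        "client_ip": client_ip or "any",
        "client_port": rule["source_ports"] or "any",
        "arrives_at": (rule["original_dest"] or "any", rule["dest_ports"]),
        "forwarded_to": (server_ip, server_port or rule["dest_ports"]),
    }

def lint_dnat(rule):
    """Flag the two column mistakes discussed in the thread."""
    if rule["action"] != "DNAT":
        return []
    warnings = []
    _, client_ip, _ = split_spec(rule["source"])
    if client_ip and rule["original_dest"] is None:
        warnings.append("SOURCE holds an address: it limits which clients "
                        "match; the firewall's address goes in ORIGINAL DEST")
    if rule["source_ports"]:
        warnings.append("SOURCE PORT(S) is set: only clients connecting "
                        "from that port match")
    return warnings

# Rule as posted in the thread, and a port-remapping form (added assumption).
POSTED = "DNAT net:93.1.1.1 loc:10.0.0.248 tcp 80 82"
REMAPPED = "DNAT net loc:10.0.0.248:80 tcp 82 - 93.1.1.1"

if __name__ == "__main__":
    for line in (POSTED, REMAPPED):
        rule = parse_rule(line)
        print(line, effect(rule), lint_dnat(rule), sep="\n  ")
```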