Jason Taylor wrote:
> I'm trying to redirect port 24 to 25 for a single IP. My rules file
> line is:
>
> DNAT loc dmz:10.10.1.1:25 tcp 24 - 10.10.1.1
>
> It appears that this rule is useless because the original destination IP
> matches the destination IP.
I'd like to understand why it's useless, but maybe it's just
how the Shorewall code processes things. I've been racking
my brain a bit on this one. It's an interesting desire,
especially because I wrote one of the original firewalls
used on LRPs, before the days of LEAF, and never tried this.
> Leaving off the - 10.10.1.1 portion does redirect all tcp traffic from
> loc destined for port 24 as expected.
You mean like this?
DNAT loc dmz:10.10.1.1:25 tcp 24 - -
> However, I would still like to have it dropped unless destined
> for this particular host.
That seems easy enough. Just put another line right above
the one that you've got that works like this:
REJECT loc dmz:!10.10.1.1 tcp 24 - -
DNAT loc dmz:10.10.1.1:25 tcp 24 - -
Let me know if this works. I'm digging around for another
NIC to set up a DMZ to test this, but I may get sidetracked
by the new puppy.
regards,
matthew
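The two rule sets above turn on where a destination is matched: Shorewall's
ORIGINAL DEST column matches the address a packet had before NAT, while
ACCEPT/REJECT rules from the rules file are applied in the filter table, after
the nat PREROUTING chain has already rewritten the destination. The following
is an added toy model of that netfilter traversal order, written for this
thread and not part of Shorewall or of either poster's message. It assumes a
Shorewall DNAT rule behaves as one nat rewrite plus one filter ACCEPT for the
translated destination, that a REJECT line from the rules file becomes a
filter rule, and that zone membership is simply an attribute of the packet;
the sample packets, chain handling and default policy are constructed for the
illustration.

```python
"""Toy model of netfilter traversal for the rules discussed in this thread.

Added example, not Shorewall's code. It encodes two things relied on when
reasoning about DNAT rules:
  1. nat PREROUTING (where DNAT rewrites the destination) runs before
     filter FORWARD (where ACCEPT/REJECT verdicts are applied), so
     filter rules see the *translated* destination.
  2. Shorewall's ORIGINAL DEST column on a DNAT rule restricts the
     rewrite to packets whose pre-NAT destination matches.
Assumptions: a DNAT rule is modelled as one nat rewrite plus one filter
ACCEPT for the translated destination; a REJECT from the rules file is
modelled as a filter rule; zone membership is a packet attribute.
"""
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_ip: str
    dport: int


@dataclass(frozen=True)
class Dnat:
    """DNAT <src_zone> <zone>:<to_ip>:<to_port> tcp <dport> - <orig_dest>"""
    src_zone: str
    to_ip: str
    to_port: int
    dport: int
    orig_dest: Optional[str] = None  # None models '-' in the ORIGINAL DEST column


@dataclass(frozen=True)
class Filter:
    """ACCEPT/REJECT <src_zone> <zone>:[!]<dst_ip> tcp <dport>"""
    action: str
    src_zone: str
    dst_ip: Optional[str]   # None models an unrestricted destination
    dport: int
    negate: bool = False    # True models the '!' exclusion


def nat_prerouting(pkt: Packet, rules: List[Dnat]) -> Packet:
    """First matching DNAT rule rewrites destination IP and port."""
    for r in rules:
        if (pkt.src_zone == r.src_zone and pkt.dport == r.dport
                and (r.orig_dest is None or pkt.dst_ip == r.orig_dest)):
            return replace(pkt, dst_ip=r.to_ip, dport=r.to_port)
    return pkt


def filter_forward(pkt: Packet, rules: List[Filter],
                   policy: str) -> Tuple[str, Optional[Filter]]:
    """First matching filter rule decides; returns (verdict, matched rule)."""
    for f in rules:
        if pkt.src_zone != f.src_zone or pkt.dport != f.dport:
            continue
        if f.dst_ip is not None:
            hit = pkt.dst_ip == f.dst_ip
            if hit == f.negate:      # plain match needs a hit, '!' needs a miss
                continue
        return f.action, f
    return policy, None


def traverse(pkt, nat_rules, filter_rules, policy="REJECT"):
    """Run one packet through nat PREROUTING, then filter FORWARD."""
    translated = nat_prerouting(pkt, nat_rules)
    verdict, matched = filter_forward(translated, filter_rules, policy)
    return translated, verdict, matched


# Jason's rule: DNAT loc dmz:10.10.1.1:25 tcp 24 - 10.10.1.1
JASON_NAT = [Dnat("loc", "10.10.1.1", 25, 24, orig_dest="10.10.1.1")]
JASON_FILTER = [Filter("ACCEPT", "loc", "10.10.1.1", 25)]

# matthew's pair: REJECT loc dmz:!10.10.1.1 tcp 24 / DNAT loc dmz:10.10.1.1:25 tcp 24
MATTHEW_NAT = [Dnat("loc", "10.10.1.1", 25, 24)]
MATTHEW_FILTER = [Filter("REJECT", "loc", "10.10.1.1", 24, negate=True),
                  Filter("ACCEPT", "loc", "10.10.1.1", 25)]

# Constructed sample traffic from loc: the intended host and another dmz host
SAMPLES = [Packet("loc", "10.10.1.1", 24), Packet("loc", "10.10.1.2", 24)]


def verdicts(nat_rules, filter_rules):
    """Map original 'ip:port' -> (translated 'ip:port', verdict) for SAMPLES."""
    out = {}
    for p in SAMPLES:
        t, v, _ = traverse(p, nat_rules, filter_rules)
        out[f"{p.dst_ip}:{p.dport}"] = (f"{t.dst_ip}:{t.dport}", v)
    return out


if __name__ == "__main__":
    for name, nat, flt in (("ORIGINAL DEST restricted", JASON_NAT, JASON_FILTER),
                           ("REJECT then unrestricted DNAT", MATTHEW_NAT, MATTHEW_FILTER)):
        print(name)
        for orig, (to, v) in verdicts(nat, flt).items():
            print(f"  {orig} -> {to} {v}")
```

In this model the REJECT line is evaluated only after the unrestricted DNAT
has rewritten every loc-to-port-24 packet to 10.10.1.1:25, so it never
matches and both sample packets are accepted; it is the ORIGINAL DEST column
that scopes the redirect to the intended host. The model does not reproduce
Shorewall's compiler, so it cannot say why the restricted rule was reported
as useless; it only shows the netfilter ordering that a rules-file REJECT is
subject to.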
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html