Matthew Schalit wrote:
>
> That seems easy enough. Just put another line right above
> the one that you've got that works like this:
>
>     REJECT loc dmz:!10.10.1.1 tcp 24 - -
>     DNAT loc dmz:10.10.1.1:25 tcp 24 - -
>
> Let me know if this works. I'm digging around for another
> nic to set up a dmz to test this, but I may get sidetracked
> by the new puppy.

The firewall script available from the 1.3.8 Errata allows the following to work correctly:

    DNAT loc dmz:10.10.1.1:25 tcp 24 - 10.10.1.1

The problem was that Shorewall was only generating the nat table mapping if the original and server IP addresses were different. The new code generates this mapping if the ports are different as well.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ [EMAIL PROTECTED]