"Cencore Security" <[EMAIL PROTECTED]> writes:

> One question I forgot.
>
> I've done this before but I cannot remember the structure of the rules. I want to
> allow ssh and 8443 (that are running on the LAN interface) to be accessible (read
> redirected) from the external WAN interface on the firewall (with specific IP
> address xxx.xxx.xxx.xxx).
>
> I thought maybe just:
> #result client server proto port client_port address
> REDIRECT wan:xxx.xxx.xxx.xxx lan tcp 8443 -
> REDIRECT wan:xxx.xxx.xxx.xxx lan tcp 22 -
> or
> REDIRECT wan :xxx.xxx.xxx.xxx lan tcp 8443 - 192.168.1.1
> REDIRECT wan :xxx.xxx.xxx.xxx lan tcp 22 - 192.168.1.1
>
> but that only hangs shorewall. No matter what, it expects REDIRECT to put a PORT
> where "lan" goes. And in the web interface you must choose a client zone from the
> drop down.
>
> I also tried:
> DNAT wan:xxx.xxx.xxx.xxx lan:192.168.1.1 tcp 8443 -

This rule will redirect a connection on the 8443 port coming from wan:xxx.xxx.xxx.xxx to lan:192.168.1.1, which I don't understand because 8443 is the web interface port ... running on the firewall.

> DNAT wan:xxx.xxx.xxx.xxx lan:192.168.1.1 tcp 22 -

Same thing for ssh ...

--
Florin
http://www.mandrakesoft.com
http://people.mandrakesoft.com/~florin/
