There's a better way.
make your application listen on the external LAN interface - eg
192.168.2.106:2048, then add the following rule:
REDIRECT loc 2048 tcp 443 - 192.168.2.106
This will "just work(tm)"
Jan
On 08/01/07, Andrew Suffield <[EMAIL PROTECTED]> wrote:
> > [EMAIL PROTECTED]:/# netstat -anp
> > Aktive Internetverbindungen (Server und stehende Verbindungen)
> > Proto Recv-Q Send-Q Local Address Foreign Address
> > State PID/Program name
> > tcp 0 0 127.0.0.1:2048 0.0.0.0:*
> > LISTEN 8565/nc
> >
> > when I try with a webbrowser, shorewall shows:
> > Shorewall:loc_dnat:REDIRECT:IN=eth0 OUT=
> > MAC=00:16:3e:76:88:14:00:04:23:90:fe:0f:08:00 SRC=192.168.2.39
> > DST=192.168.2.106 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=49464 DF
> > PROTO=TCP SPT=2369 DPT=80 WINDOW=64960 RES=0x00 SYN URGP=0
This is crude and foul but should work:
www stream tcp nowait nobody /bin/nc nc 127.0.0.1 2048
As a line in inetd.conf.
Yeah, I know. But it's an ugly sort of thing to want to do anyway.
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
