Raul Gil wrote:
Hello everyone!

I have a problem trying to develop some rules on shorewall to redirect some kind of traffic between two servers on the Internet (both with public IPs).

I want to redirect all traffic with destination host A (82.xx.xx.xx) port (xxxx) to host B (87.yy.yy.yy) port (xxxx).

I can't do it with shorewall, or I wasn't able to do it.

Then I saw some iptables rules that do the job:

    /sbin/iptables -t nat -A PREROUTING -p tcp -m tcp -d 82.xx.xx.xx --dport xxxx -j DNAT --to-destination 87.yy.yy.yy
    /sbin/iptables -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 87.yy.yy.yy --dport xxxx -j SNAT --to-source 82.xx.xx.xx

The problem is that I can't put these rules in shorewall, and these rules only work if shorewall is stopped. If shorewall is running and I execute these rules, the system doesn't tell me anything, but they don't work. If I stop shorewall and run these rules, it works.

Any suggestions about how to implement this?

I'll assume that your external interface is 'eth0' and is associated with zone 'net'.

In /etc/shorewall/interfaces, add the 'routeback' option to eth0:

    net     eth0    ...     routeback,...

In /etc/shorewall/rules:

    DNAT-   net     net:87.yy.yy.yy     tcp     -       -       82.xx.xx.xx

In /etc/shorewall/masq:

    eth0:87.yy.yy.yy        0.0.0.0/0       82.xx.xx.xx

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
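
A check that could be run after restarting the firewall to confirm the nat table carries the DNAT/SNAT pair discussed in the thread above. This is an added example, not part of either message and not Shorewall's own code; the addresses, port 8080 and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: verify that nat rules relay host A to host B in both directions.
# On a live firewall (as root):  iptables -t nat -S | check_relay A B
# The check ignores chain names, so it works whichever chain holds the rules.

check_relay() {
    a="$1"; b="$2"
    awk -v a="$a" -v b="$b" '
        # Return the argument that follows option "opt" on the current rule.
        function arg(opt,   i) {
            for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
            return ""
        }
        # Strip a /32 mask and any :port suffix before comparing addresses.
        function host(s) { sub(/\/32$/, "", s); sub(/:.*/, "", s); return s }
        {
            j = arg("-j"); d = host(arg("-d"))
            if (j == "DNAT" && d == a && host(arg("--to-destination")) == b) dnat = 1
            if (j == "SNAT" && d == b && host(arg("--to-source")) == a) snat = 1
        }
        END {
            if (!dnat) print "missing: DNAT " a " -> " b
            if (!snat) print "missing: SNAT to " a " for traffic to " b
            exit !(dnat && snat)
        }'
}

# Constructed sample of `iptables -t nat -S` output (documentation addresses).
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 198.51.100.10/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 203.0.113.20
-A POSTROUTING -d 203.0.113.20/32 -o eth0 -p tcp -m tcp --dport 8080 -j SNAT --to-source 198.51.100.10
EOF
}

sample_rules | check_relay 198.51.100.10 203.0.113.20 && echo "relay rules present"
```

A missing SNAT half is worth catching: without it, host B replies directly to the client from its own address and the client discards the reply.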
