Scott Ruckh wrote:
> I am running a jabber server on the same server as my 
> shorewall/firewall.  I also believe that I have correctly configured a 
> file transfer proxy (Proxy65) that talks to my jabber server.  Currently 
> the Proxy server only listens on port 7777 on the "loc" network 
> interface of the firewall.
>  
> Would a DNAT rule make sense in this scenario (something like this)?
>  
> DNAT            inet                    fw:172.16.168.1        tcp     7777
>  
> Would that rule forward tcp/7777 traffic from the internet to the 
> firewall interface that is part of the "loc" zone?  If the last 
> statement is true, does this logic even make sense?


Hi,

Have I understood you correctly if I think that you want to be able to connect 
to Proxy65 (tcp 7777) from both the net and loc zones? If so, why don't you 
configure Proxy65 to listen to 0.0.0.0:7777? That way you would only have to 
add the following rule instead and it would work from everywhere.

ACCEPT         all             fw             tcp     7777

Best regards,
/Martin Leben
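
Added example (not part of the original thread, and not Shorewall or Proxy65 code): the reply turns on which address Proxy65 is bound to, so this shell function classifies a port's listener from `ss -ltn` output as bound to specific addresses or to the wildcard. The function name listener_scope and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify how a TCP port is bound, reading `ss -ltn` output on stdin.
# Prints "wildcard", "specific:<addr>[,<addr>...]" or "none".
# listener_scope is a hypothetical helper name, not a Shorewall command.
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            local_addr = $4
            # Split at the last colon so IPv6 forms such as [::]:7777 work.
            n = match(local_addr, /:[0-9]+$/)
            if (n == 0) next
            addr = substr(local_addr, 1, n - 1)
            if (substr(local_addr, n + 1) != port) next
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
                wild = 1
            else
                list = (list == "" ? addr : list "," addr)
        }
        END {
            if (wild) print "wildcard"
            else if (list != "") print "specific:" list
            else print "none"
        }'
}

# Constructed sample: proxy bound only to the "loc" interface address.
SAMPLE_LOC_ONLY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    172.16.168.1:7777  0.0.0.0:*
LISTEN 0      128    0.0.0.0:5222       0.0.0.0:*'

# Constructed sample: proxy reconfigured to listen on 0.0.0.0:7777.
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:7777       0.0.0.0:*
LISTEN 0      128    0.0.0.0:5222       0.0.0.0:*'

printf 'loc-only sample: %s\n' "$(printf '%s\n' "$SAMPLE_LOC_ONLY" | listener_scope 7777)"
printf 'wildcard sample: %s\n' "$(printf '%s\n' "$SAMPLE_WILDCARD" | listener_scope 7777)"
```

On the firewall itself, run `ss -ltn | listener_scope 7777`; a "wildcard" result means the filter rules alone decide which zones can reach the proxy.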


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users