> Scott Ruckh wrote: >> I am running a jabber server on the same server as my >> shorewall/firewall. I also believe that I have a correctly configured a >> file transfer proxy (Proxy65) that talks to my jabber server. Currently >> the Proxy server only listens on port 7777 on the "loc" network >> interface of the firewall. >> >> Would a DNAT rule make sense in this scenario (something like this)? >> >> DNAT inet fw:172.16.168.1 tcp >> 7777 >> >> Would that rule forward tcp/7777 traffic from the internet to the >> firewall interface that is part of the "loc" zone? If the last >> statement is true, does this logic even make sense? > > > Hi, > > Have I understood you correctly if I think that you want to be able to > connect > to Proxy65 (tcp 7777) from both the net and loc zones? If so, why don't > you > configure Proxy65 to listen to 0.0.0.0:7777? That way you would only have > to the > following rule instead and it would work from everywhere. > > ACCEPT all fw tcp 7777 >
Yes, that is the other half of the equation. The documentation for Proxy65 with jabberd2 is very limited. The documentation makes it sound like I have to bind to a physical IP address and not an interface. As I have a dynamically changing ethernet IP address, I did not want to use the internet IP address in the PROXY65 configuration. As I am always certain of the IP address of the "loc" interface of the firewall I configured that IP address instead. I do you like your suggestion, but I am not sure it is valid (as far as PROXY65 is concerned), but I will definitely try it out and do some testing. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users