Tom Eastep wrote:
> Marco C. Coelho wrote:
>> Ok, let's start from the top.
>>
>> I have multiple PPPoE servers terminating connections. Users are
>> normally issued public IP addresses.
>> When I suspend a user, they get a private 192.168.50.0/24 IP address.
>
> Given that your REDIRECT rule had 'net' in the SOURCE column, we
> naturally assumed that 192.168.40.0/24 is OUTSIDE your firewall, not
> inside. You give us incomplete information, you get wrong and/or
> incomplete answers.
>
>> I want to redirect any IPs in the 192.168.50.0/24 to a web page on a
>> server that has a simple SUSPENDED message.
>>
>> Having temporarily abandoned shorewall due to the problem I was having,
>> I presently have this in IPTABLES:
>>
>> iptables -t nat -A PREROUTING -p tcp -s 192.168.50.0/24 -d 0.0.0.0/0 -j REDIRECT --to 64.202.230.254:80
>
> That is just:
>
> DNAT- y:192.168.40.0/24 z:64.202.230.254:80 tcp
>
> Where
>
> y = Zone containing 192.168.40.0/24
> z = Zone containing 64.202.230.254

And please note that should you ever upgrade to Shorewall-perl 4.2, you
should omit the 'z' (e.g., ":64.202.230.254:80") to avoid a compilation
warning.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
