Re: [Shorewall-users] Macrofied DNAT not working

Sat, 13 Dec 2014 15:28:57 -0800 

Thanks Tom -

It must've been something silly as it seems to be working ok now.
(Unfortunately I only get access to the firewall briefly once a week.)

Regards - Philip

On 13/12/2014 17:01, Tom Eastep wrote:
> On 12/3/2014 10:05 AM, Philip Le Riche wrote:
>> Probably something silly I'm doing but I don't see it for the moment.
>>
>> I had rules:
>> DNAT        schl        pinet:${Pinet}.1        tcp    ssh    -   
>> ${Schlnet}.129
>> DNAT        schl        pinet:${Pinet}.1        tcp    5900    -   
>> ${Schlnet}.129
>> plus another 7 pairs with consecutive destination and original
>> destination addresses.
>>
>> I needed to add an http rule and expand it to 16 IP addresses, so I
>> wrote a macro.Pi:
>> PARAM   -       -       tcp     5900:5909       -       -
>> PARAM   -       -       tcp     ssh             -       -
>> PARAM   -       -       tcp     http            -       -
>>
>> and replaced all the former rules by 16 after the fashion:
>> Pi(DNAT)        schl    pinet:${Pinet}.1        -       -       -      
>> ${Schlnet}.129
>> (I generalised the VNC port while I was at it.)
>>
>> Connections utilising those rules were then refused. I don't see why.
>>
> I don't either, but if you will send me the original rules file, the
> modified rules file and your macro file then I will take a look.
>
> -Tom
>
> PS - My apologies for the slow response; I've been traveling abroad and
> only had mobile phone internet access.
>
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users


------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to