Hello,

I am using Shorewall 5.2.8 on a server that has three interfaces, one internal, one DMZ and one connected to the Internet. On that server, there is a service that binds itself only on localhost and that cannot be configured otherwise. As I would like to access it from the "loc" zone, I have tried writing this REDIRECT rule:
REDIRECT       loc             lo:1883 tcp     1883    - &loc

But when I check the configuration, I get this error:
 ERROR: Unknown destination zone (lo) /etc/shorewall/rules

Fair enough, I thus went about defining "lo" in zones, despite my initial feeling that it exists implicitly, and did it like this in the zones file:
lo    locahost

This changes the error message to this:
ERROR: Rules may not override a NONE policy /etc/shorewall/rules

As this mentions policies, I thus went into the policy file and added this line:
loc             lo              ACCEPT

But this in turn gives me another error message:
ERROR: Policy "loc lo ACCEPT" duplicates earlier policy "loc lo NONE"

But there is no such policy in my policy file.

Thinking that there might be something special with the loopback interface, I also tried the following rule:
REDIRECT        loc             net:1883        tcp     1883 -       &loc

And this gives me yet another error:
 ERROR: A server IP address (1883) may not be specified in a REDIRECT rule /etc/shorewall/rules

So it seems that the syntax I'm trying to use is bogus, but I can't figure out how to express what I want in shorewall, being:

On the server itself, redirect connections from port PPPP on the interface of zone ZZZ to port MMMM on the interface of zone YYYY

I tried looking in the documentation but I could not find an example for REDIRECT rules.

Thanks for your help

Olivier
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users