[Shorewall-newbies] Rule statement differences
lxaphir at yahoo.com
Sun Dec 28 05:36:28 PST 2003
On Sat, 2003-12-27 at 23:53, Francesca C. Smith wrote:
> On Sat, 2003-12-27 at 23:48, Lyvim Xaphir wrote:
> > What is the difference in this
> > #ACTION  SOURCE  DEST                 PROTO  DEST  SOURCE   ORIGINAL
> > #                                            PORT  PORT(S)  DEST
> > DNAT     net     loc:192.168.0.18:80  tcp    -     -
> > And this?
> > DNAT     net     loc:192.168.0.18     tcp    80    -
> > LX
> Number one is bogus I am pretty sure .. while number two is Valid
Wrong and right, I think. Witness:
Where it seems that the usefulness of the first rule is when you are
redirecting a port to a different port on an internal server. That's
one of the applications.
However I discovered by accident that both of the above worked,
seemingly the same; the first case works the same as the second because
of its ambiguity in the destination port column. When I posted this, I
wasn't quite aware of that, therefore I wanted someone more knowledgeable
to explain the difference between the two.
> "Although I Would Write Such A Rule As One" .. What is this quiz trying
> to prove ??? Does number one work ??? .. Or what's behind door number
> three ???
A door number three thing, I suppose. And trying different things to
see what works and what does not. Cause I've got an internal server
that I'm trying to make visible from the net. I think I've narrowed the
problem down to it being some undocumented ports that are not visible
from the net.
I've come quite a ways since I started with Shorewall; I find it very
useful. Most of what I've discovered, I've found out by experimentation
and log analysis. You're the first one that has responded to my emails;
so thanks. :)
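
Added example, not part of the original post and not Shorewall's own code: a small audit script that parses DNAT rules like the two quoted above and reports which original ports each one matches and where it forwards them, flagging rules that leave DEST PORT(S) unrestricted. It assumes the documented column meanings (the port after the address in DEST is the port on the internal server, DEST PORT(S) is the port the client connected to, and "-" there means any port); the function names are hypothetical and it accepts any rules text, not only these two lines.

```python
# Constructed sample: the two rules from the post above.
SAMPLE_RULES = """\
#ACTION  SOURCE  DEST                 PROTO  DEST PORT(S)  SOURCE PORT(S)
DNAT     net     loc:192.168.0.18:80  tcp    -             -
DNAT     net     loc:192.168.0.18     tcp    80            -
"""

def parse_dnat(line):
    """Return a dict for a DNAT rule line, or None for comments and other actions."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 4 or fields[0] != "DNAT":
        return None
    fields += ["-"] * (7 - len(fields))       # omitted trailing columns mean "-"
    _action, source, dest, proto, dport = fields[:5]
    zone, _, rest = dest.partition(":")
    server, _, server_port = rest.partition(":")
    return {
        "source": source, "zone": zone, "server": server, "proto": proto,
        # Ports the client may have connected to; None means any port.
        "match_ports": None if dport == "-" else dport.split(","),
        # Port on the internal server; None means the port is left unchanged.
        "server_port": server_port or None,
    }

def describe(rule):
    """One-line summary: what is matched and where it is forwarded."""
    ports = rule["match_ports"]
    matched = "any port" if ports is None else "port " + ",".join(ports)
    target = f'port {rule["server_port"]}' if rule["server_port"] else "port unchanged"
    return f'{rule["proto"]} {matched} from {rule["source"]} -> {rule["server"]} ({target})'

def audit(text):
    """Yield (line_number, summary) for DNAT rules with no DEST PORT(S) restriction."""
    for number, line in enumerate(text.splitlines(), 1):
        rule = parse_dnat(line)
        if rule and rule["proto"] in ("tcp", "udp") and rule["match_ports"] is None:
            yield number, describe(rule)

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_RULES.splitlines(), 1):
        rule = parse_dnat(line)
        if rule:
            print(f"line {number}: {describe(rule)}")
    for number, summary in audit(SAMPLE_RULES):
        print(f"line {number}: WARNING, DEST PORT(S) is unrestricted: {summary}")
```
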