[Shorewall-newbies] Rule statement differences

Lyvim Xaphir lxaphir at yahoo.com
Sun Dec 28 05:36:28 PST 2003


On Sat, 2003-12-27 at 23:53, Francesca C. Smith wrote:
> Hello,
> 
> On Sat, 2003-12-27 at 23:48, Lyvim Xaphir wrote:
> > What is the difference in this
> > 
> > #ACTION  SOURCE DEST                 PROTO   DEST    SOURCE     ORIGINAL
> > #                                            PORT    PORT(S)    DEST
> > 
> > 
> > DNAT    net     loc:192.168.0.18:80  tcp     -       -
> > 
> > 
> > And this?
> > 
> > 
> > DNAT    net     loc:192.168.0.18     tcp     80       -
> > 
> > 
> > LX
> 
> Number one is bogus I am pretty sure .. while number two is Valid


Wrong and right, I think.  Witness:


http://www.shorewall.net/FAQ.htm#faq1

Where it seems that the usefulness of the first rule is when you are
redirecting a port to a different port on an internal server.  That's
one of the applications.

However I discovered by accident that both of the above worked,
seemingly the same; the first case works the same as the second because
of its ambiguity in the destination port column.  When I posted this, I
wasn't quite aware of that, therefore I wanted someone more knowledgeable
to explain the difference between the two.


> "Although I Would Write Such A Rule As One" .. What is this quiz trying
> to prove ??? Does number one work ??? .. Or what's behind door number
> three ???
> 
> Francesca

A door number three thing, I suppose.  And trying different things to
see what works and what does not.  Cause I've got an internal server
that I'm trying to make visible from the net.  I think I've narrowed the
problem down to it being some undocumented ports that are not visible
from the net.

I've come quite a ways since I started with shorewall; I find it very
useful.  Most of what I've discovered, I've found out by experimentation
and log analysis.  You're the first one that has responded to my emails;
so thanks. :)



LX
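
As an added example (not part of the original post and not Shorewall's own code), the Python below models which incoming connections each of the two rows in the thread matches and where they are sent. It assumes the column order shown in the thread and that "-" in DEST PORT(S) means any port; the function names and the third, remapping rule are constructed for illustration.

```python
# Added example: models which connections each DNAT row from the thread matches.
# Assumption: "-" (or an omitted column) in DEST PORT(S) means "any port".
# Function names are hypothetical; service names such as "www" are not handled.

RULE_ONE = "DNAT    net     loc:192.168.0.18:80  tcp     -       -"
RULE_TWO = "DNAT    net     loc:192.168.0.18     tcp     80       -"
RULE_REMAP = "DNAT    net     loc:192.168.0.18:80  tcp     8080"  # constructed


def parse_dnat(line):
    """Split one DNAT row into the fields that decide matching and rewriting."""
    cols = line.split()
    if len(cols) < 4 or cols[0] != "DNAT":
        raise ValueError("not a DNAT rule: %r" % line)
    zone, _, rest = cols[2].partition(":")
    server, _, server_port = rest.partition(":")
    if not server:
        raise ValueError("DNAT needs zone:address in DEST: %r" % line)
    return {
        "source": cols[1], "zone": zone, "server": server, "proto": cols[3],
        "dport": cols[4] if len(cols) > 4 else "-",
        "server_port": int(server_port) if server_port else None,
    }


def port_matches(spec, port):
    """True if port falls in a comma list of ports or low:high ranges."""
    for part in spec.split(","):
        low, _, high = part.partition(":")
        if int(low) <= port <= int(high or low):
            return True
    return False


def forward(rule, proto, dport):
    """Return (server, port) the connection is rewritten to, or None."""
    if rule["proto"] not in ("all", proto):
        return None
    if rule["dport"] != "-" and not port_matches(rule["dport"], dport):
        return None
    return (rule["server"], rule["server_port"] or dport)


def is_overbroad(rule):
    """Flag rows that forward every port of the protocol to the server."""
    return rule["dport"] == "-"
```

Under that assumption a test against port 80 cannot tell the two rows apart, while a connection to any other TCP port is forwarded only by the first row, which is the case is_overbroad() flags when auditing a rules file.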


