[Shorewall-newbies] DNAT problem

Tom Eastep teastep at shorewall.net
Sun Feb 22 18:51:19 PST 2004


On Mon, 23 Feb 2004, Helio L. Filho wrote:

>
>  I have a problem using DNAT rule :
>     I'm trying to routing a request on port 9000 in the firewall and send to
> an internal host on port 80 .
>
> the rule i've set
>
> ACCEPT net fw tcp 9000
> ACCEPT net loc:192.168.1.40   tcp     www
>
> DNAT net    loc:192.168.1.40    tcp     80     9000   200.221.x.x
> what's wrong ? i cannot be conected from external word . !!
>

This is FAQ #1c.

The rule you want is:

ACCEPT	net loc:192.168.1.40:80	tcp 9000 - 200.221.x.x

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net


More information about the Shorewall-newbies mailing list