[Shorewall-users] Portforwarding within a zone

Tom Eastep teastep@shorewall.net
Sun, 6 Jan 2002 13:16:15 -0800


In looking at your rules, one thing you should keep in mind:

a) Any time that you have an entry in the ADDRESS column of the rules fil=
e,=20
unless that same address also appears in the SERVER(S) column then DNAT i=
s=20
indicated.
b) DNAT rules are evaluated ahead of all non-DNAT rules.
c) DNAT rules are evaluated in the order in which they appear in the rule=
s=20
file.

You can see all of your NAT rules using the command:

=09shorewall show nat

-Tom
--=20
Tom Eastep    \  teastep@shorewall.net
AIM: tmeastep  \  http://www.shorewall.net
ICQ: #60745924  \  Firewalls for Linux 2.4