[Shorewall-users] DNAT help

Dario Lesca d.lesca@ivrea.osra.it
Wed, 3 Jul 2002 11:38:10 +0200


----- Original Message -----
From: "Roy Barkas" <rbarkas@usa.net>
To: <shorewall-users@shorewall.net>
Sent: Wednesday, July 03, 2002 10:47 AM
Subject: [Shorewall-users] DNAT help


> I'm having trouble making DNAT work the way I think it should.  I'm
> using Shorewall 1.2 and iptables 1.2.5.1.

Probably DNAT rule work only in 1.3 version of shorewall ...

> I have the following statement in /etc/shorewall/rules:
>
> DNAT net:203.11.22.121/32 wep:192.168.10.22 udp 500
>
>    ^^the source machine      ^^my destination behind the
> firewall


check this (1.2).
ACCEPT    net     wep:192.168.10.10:500    udp     500   -
203.11.22.121

check this (1.3)...
DNAT    net     wep:192.168.10.10    udp     500   -       203.11.22.121

... or this (1.3).
DNAT    net     wep:192.168.10.10:500    udp     500   -       203.11.22.121

Regards

-------
Dario Lesca (d.lesca@ivrea.osra.it)