[Shorewall-users] Is there a way?

Tom Eastep teastep@shorewall.net
Fri, 19 Jul 2002 12:19:19 -0700 (PDT)


On 19 Jul 2002, Zachariah Mully wrote:

> 
> Perhaps I am reading this wrong, but couldn't you simply reject all
> outbound port 6667, configure your IRC client to use a different port,
> and then add a rule to your firewall to forward that traffic to port
> 6667 on your external interface?
> 

That will work if Rogan wants to add a separate DNAT entry for each IRC 
server that he uses. From the DNAT description in 'man iptables':

--to-destination ipaddr[-ipaddr][:port-port]

Note that a destination ipaddress is required so just changing a port 
doesn't fly....


-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net