[Shorewall-users] NAT and ports routing using Shorewall
teastep at shorewall.net
Mon Jan 5 11:04:17 PST 2004
On Monday 05 January 2004 07:55 am, Tom Eastep wrote:
> On Monday 05 January 2004 07:43 am, olivier.parisy at free.fr wrote:
> > Hi,
> > I'm new to shorewall and to this list.
> > I just switched from custom iptables-based scripts to shorewall,
> > and everything seems to work smoothly. There's only one thing I
> > wasn't able to port: rules similar to this one:
> > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5190 -j REDIRECT --to-ports 5190
> > Can this be expressed using shorewall config files? Or should I
> > insert these rules in an extension script?
> That's just a simple Shorewall REDIRECT rule...
> REDIRECT z 5190 tcp 5190
> where "z" is the zone interfacing through eth0.
Note that Shorewall REDIRECT creates two Netfilter rules:
a) The nat table rule you describe above;
b) An ACCEPT rule in the filter table.
If you only want the nat table rule then use REDIRECT- rather than REDIRECT.
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
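
The difference between REDIRECT and REDIRECT- described in the message above, as an added example that is not part of the original post and is not Shorewall's own code. It expands rules-file lines into simplified iptables equivalents; the zone-to-interface map, the sample rules other than the 5190 one, and the use of the plain INPUT chain for the filter rule are assumptions.

```python
# Added example (not Shorewall code): expand REDIRECT / REDIRECT- rule lines
# into simplified iptables equivalents to show which ones also open the port.
ZONE_IFACE = {"z": "eth0"}  # assumption: zone "z" sits behind eth0, as in the thread

# Constructed sample rules: ACTION SOURCE DEST(local port) PROTO DEST-PORT
SAMPLE_RULES = """\
# constructed sample; only the first rule comes from the thread
REDIRECT   z  5190  tcp  5190
REDIRECT-  z  3128  tcp  80
ACCEPT     z  fw    tcp  22
"""

def expand(rule_line, zone_iface=ZONE_IFACE):
    """Return the iptables commands one rules-file line stands for ([] if not a REDIRECT)."""
    fields = rule_line.split("#", 1)[0].split()
    if len(fields) < 5 or fields[0] not in ("REDIRECT", "REDIRECT-"):
        return []
    action, zone, to_port, proto, dport = fields[:5]
    if zone not in zone_iface:
        raise ValueError(f"no interface known for zone {zone!r}")
    iface = zone_iface[zone]
    cmds = [f"iptables -t nat -A PREROUTING -i {iface} -p {proto} "
            f"--dport {dport} -j REDIRECT --to-ports {to_port}"]
    if action == "REDIRECT":
        # After the nat rewrite the packet is delivered locally to to_port, so
        # that is the port the filter rule must accept. Shorewall puts this rule
        # in its own zone chain; plain INPUT is a simplification here.
        cmds.append(f"iptables -A INPUT -i {iface} -p {proto} "
                    f"--dport {to_port} -j ACCEPT")
    return cmds

def implicit_accepts(rules_text, zone_iface=ZONE_IFACE):
    """List (zone, proto, port) tuples that REDIRECT rules open in the filter table."""
    opened = []
    for line in rules_text.splitlines():
        if len(expand(line, zone_iface)) == 2:
            zone, to_port, proto = line.split()[1:4]
            opened.append((zone, proto, to_port))
    return opened

if __name__ == "__main__":
    for line in SAMPLE_RULES.splitlines():
        for cmd in expand(line):
            print(cmd)
    print("opened by REDIRECT:", implicit_accepts(SAMPLE_RULES))
```

Running implicit_accepts over a rules file lists the ports that REDIRECT rules open in the filter table without a separate ACCEPT line, which is the part to review when auditing what the firewall exposes.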