[Shorewall-users] NAT and ports routing using Shorewall

Tom Eastep teastep at shorewall.net
Mon Jan 5 11:04:17 PST 2004


On Monday 05 January 2004 07:55 am, Tom Eastep wrote:
> On Monday 05 January 2004 07:43 am, olivier.parisy at free.fr wrote:
> > Hi,
> >
> > I'm new to shorewall and to this list.
> >
> > I just switched from custom iptables-based scripts to shorewall,
> > and everything seems to work smoothly. There's only one thing I
> > wasn't able to port: rules similar to this one:
> >
> > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5190 -j REDIRECT --to-ports 5190
> >
> > Can this be expressed using shorewall config files? Or should I
> > insert these rules in an extension script?
>
> That's just a simple Shorewall REDIRECT rule...
>
> 	REDIRECT	z	5190	tcp	5190
>
> where "z" is the zone interfacing through eth0.
>

Note that Shorewall REDIRECT creates two Netfilter rules:

a) The nat table rule you describe above;
b) An ACCEPT rule in the filter table.

If you only want the nat table rule then use REDIRECT- rather than REDIRECT.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
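
An added example, not part of the original message and not Shorewall code: a small audit script that reads iptables-save output and lists nat-table REDIRECT rules with no filter-table ACCEPT for the redirected port, which is the state that REDIRECT- leaves behind. The sample dump, the 80-to-3128 rule and all function names are constructed for illustration; only exact protocol/port matches are checked.

```python
import shlex

# Constructed sample (not real Shorewall output). Port 5190 has both rules,
# as REDIRECT produces; port 3128 has only the nat rule, as REDIRECT- produces.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 5190 -j REDIRECT --to-ports 5190
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 5190 -j ACCEPT
COMMIT
"""

def parse_rules(dump):
    """Return {table: [tokenized '-A' rule, ...]} from iptables-save text."""
    tables, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):            # table header, e.g. "*nat"
            current = line[1:]
            tables[current] = []
        elif line.startswith("-A ") and current is not None:
            tables[current].append(shlex.split(line))
    return tables

def opt(tokens, name):
    """Value following option `name` in a tokenized rule, else None."""
    i = tokens.index(name) if name in tokens else -1
    return tokens[i + 1] if 0 <= i < len(tokens) - 1 else None

def redirects_without_accept(dump):
    """List (proto, port) for each nat REDIRECT lacking a matching ACCEPT.

    A listed port may still be allowed by a broader rule or chain policy."""
    tables = parse_rules(dump)
    accepted = {(opt(r, "-p"), opt(r, "--dport"))
                for r in tables.get("filter", []) if opt(r, "-j") == "ACCEPT"}
    missing = []
    for r in tables.get("nat", []):
        if opt(r, "-j") != "REDIRECT":
            continue
        proto = opt(r, "-p")
        # After REDIRECT the packet reaches the filter table with the new
        # port; without --to-ports the original destination port is kept.
        port = opt(r, "--to-ports") or opt(r, "--dport")
        if (proto, port) not in accepted:
            missing.append((proto, port))
    return missing

print(redirects_without_accept(SAMPLE))
```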