Thanks for the links. I'm trying to learn NetFilter harder now. I just realized how efficient chain processing is, compared to the linear processing of IP Filter.
Hmm, just one little ask. Consider this command:

$IPTABLES -t nat -A PREROUTING -p udp -d $EXT_IP \
    --dport 10000:20000 -j DNAT --to $INT_IP:10000-20000
            ^^^^^^^^^^^                      ^^^^^^^^^^^

Can you use the same syntax for the port range (marked with ^^^^)? I want to make a bash script, but I can't simply assign one variable like this.

OPEN_PORT=10000-20000
$IPTABLES -t nat -A PREROUTING -p udp -d $EXT_IP \
    --dport $OPEN_PORT -j DNAT --to $INT_IP:$OPEN_PORT

Thanks very much for your great job.

Regards,
Eko

On Tue, 12 Mar 2002, Tom Eastep wrote:
> You might want to take a look at Shorewall (http://www.shorewall.net)
> -- It makes iptables a lot easier to use.
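
The port-range question above, worked as an added example that is not part of the original message: iptables writes a range as first:last in --dport but as first-last in the DNAT --to target, so one variable cannot be pasted into both places unchanged. This sketch validates a single first-last value and prints the rule with each spelling; the function names and the sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original message).
# Assumption: the range is supplied once as "first-last".

# Return 0 only for "first-last" with 1 <= first <= last <= 65535.
valid_range() {
    case "$1" in
        *[!0-9-]*|-*|*-|*-*-*) return 1 ;;  # digits plus one inner dash only
        ??????*-*|*-??????*)   return 1 ;;  # no port has more than 5 digits
        *-*) ;;
        *) return 1 ;;                      # empty, or no dash at all
    esac
    first=${1%%-*}
    last=${1##*-}
    [ "$first" -ge 1 ] && [ "$last" -le 65535 ] \
        && [ "$first" -le "$last" ] || return 1
}

# Print (not execute) the DNAT rule for a UDP range.
# $1 = external IP, $2 = internal IP, $3 = range as "first-last"
dnat_rule() {
    valid_range "$3" || { echo "bad port range: $3" >&2; return 1; }
    first=${3%%-*}
    last=${3##*-}
    # --dport takes first:last, the DNAT target takes ip:first-last
    printf '%s -t nat -A PREROUTING -p udp -d %s --dport %s:%s -j DNAT --to %s:%s-%s\n' \
        "${IPTABLES:-iptables}" "$1" "$first" "$last" "$2" "$first" "$last"
}

# Constructed sample values (documentation and private address ranges).
dnat_rule 203.0.113.10 192.168.1.20 10000-20000
```

Printing the rule instead of running it lets the script be checked without root; a range that fails validation yields a non-zero status and no rule.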