On 10/26/07, Wilson Kwok <[EMAIL PROTECTED]> wrote:
> > rule: video/ACCEPT   net    loc:192.168.0.18
> You need a DNAT, not an accept.
>
> Why I need use DNAT? others rules no need to do that
Read
http://shorewall.net/two-interface.htm#DNAT

If you want to do a port-forward you need a DNAT. If the destination
port is on the firewall, then you need only an accept.

Prasanna.

>
> Prasanna Krishnamoorthy <[EMAIL PROTECTED]> 說:
> On 10/26/07, Wilson Kwok wrote:
> > Hello,
> >
> > We have a video conference server using tcp and udp 3001 prot in
> > internal,
> > external user said that can't connect to video server and held on 3001
> fail,
> > the following is file configuration,
> >
> > nat: 1.2.3.4 eth1:3 192.168.0.18
> Is this some form of masq rule in the shorewall masq file?
>
> > rule: video/ACCEPT net loc:192.168.0.18
> You need a DNAT, not an accept.
>
> And I'd write it as
>
> DNAT net loc:192.168.0.18 tcp 3000,3002...
>
> Prasanna.
> >
> > marco.video:
> >
> > PARAM - - tcp 3000
> > PARAM - - udp 3000
> > PARAM - - tcp 3001
> > PARAM - - udp 3001
> > PARAM - - tcp 3003
> > PARAM - - udp 3003
> > PARAM - - tcp 3005
> > PARAM - - udp 3005
> > PARAM - - tcp 3009
> > PARAM - - udp 3009
> > PARAM - - tcp 8080
> >
> >
> >
> >
> > ________________________________
> > 對Yahoo! Mail 有任何意見或建議,請 聯絡我們
> >
> >
> >
> -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc.
> > Still grepping through log files to find problems? Stop.
> > Now Search log events and configuration files using AJAX and a browser.
> > Download your FREE copy of Splunk now >> http://get.splunk.com/
> > _______________________________________________
> > Shorewall-users mailing list
> > [email protected]
> >
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
> >
> >
>
>
> --
> www.elinanetworks.com
> Seamless, secure delivery of applications.
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >>
> http://get.splunk.com/_______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
>
>  ________________________________
> 對Yahoo! Mail 有任何意見或建議,請 聯絡我們
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>


-- 
www.elinanetworks.com
Seamless, secure delivery of applications.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to