Prasanna Krishnamoorthy wrote:
> On 10/26/07, Wilson Kwok <[EMAIL PROTECTED]> wrote:
>>> rule: video/ACCEPT   net    loc:192.168.0.18
>> You need a DNAT, not an accept.
>>
>> Why I need use DNAT? others rules no need to do that
> Read
> http://shorewall.net/two-interface.htm#DNAT
> 
> If you want to do a port-forward you need a DNAT. If the destination
> port is on the firewall, then you need only an accept.
> 
> Prasanna.
> 
>> Prasanna Krishnamoorthy <[EMAIL PROTECTED]> 說:
>> On 10/26/07, Wilson Kwok wrote:
>>> Hello,
>>>
>>> We have a video conference server using tcp and udp 3001 prot in
>>> internal,
>>> external user said that can't connect to video server and held on 3001
>> fail,
>>> the following is file configuration,
>>>
>>> nat: 1.2.3.4 eth1:3 192.168.0.18
>> Is this some form of masq rule in the shorewall masq file?

It's an entry in the /etc/shorewall/nat file.

It says that external IP 1.2.3.4 on eth1 is to be bi-directionally mapped to
internal address 192.168.0.18. In this case, ACCEPT rules are correct.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Attachment: signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to