Prasanna Krishnamoorthy wrote: > On 10/26/07, Wilson Kwok <[EMAIL PROTECTED]> wrote: >>> rule: video/ACCEPT net loc:192.168.0.18 >> You need a DNAT, not an accept. >> >> Why I need use DNAT? others rules no need to do that > Read > http://shorewall.net/two-interface.htm#DNAT > > If you want to do a port-forward you need a DNAT. If the destination > port is on the firewall, then you need only an accept. > > Prasanna. > >> Prasanna Krishnamoorthy <[EMAIL PROTECTED]> 說: >> On 10/26/07, Wilson Kwok wrote: >>> Hello, >>> >>> We have a video conference server using tcp and udp 3001 prot in >>> internal, >>> external user said that can't connect to video server and held on 3001 >> fail, >>> the following is file configuration, >>> >>> nat: 1.2.3.4 eth1:3 192.168.0.18 >> Is this some form of masq rule in the shorewall masq file?
It's an entry in the /etc/shorewall/nat file. It says that external IP 1.2.3.4 on eth1 is to be bi-directionally mapped to internal address 192.168.0.18. In this case, ACCEPT rules are correct. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
