> ... develop on shorewall some rules to redirect
> some kind of traffic between two servers on
> Internet (both with public IPs). I want to redirect
> all traffic with destination host A (82.xx.xx.xx
> port (xxxx) to host B (87.yy.yy.yy) port (xxxx). ...
If I understand your need correctly, I do exactly this
with Shorewall. In my "rules" file I have this entry:
    DNAT net loc:172.16.1.51:22 tcp 2647
It redirects traffic from ipA:2647 to ipB:22 (ipB
seems to be on the Internet, but is actually behind my
firewall).
This illustrates a few Shorewall oddities you may
encounter:
First, the REDIRECT statement is used only if you're
changing ports but not machines. To change machines or
both machine and port, use the (somewhat less obvious)
DNAT statement.
Second, although colon (:) most often denotes a range
in Shorewall, in this particular circumstance it
allows specification of a port.
And third, the documentation for this particular
option can be hard to find. I had to go through a
"reference" manual with a fine-toothed comb, and
mentally correct a few errors I ran across while doing
so.
(As a general rule of thumb, either _all_ Shorewall or
_no_ Shorewall. Trying to mix Shorewall with raw
IPTables most often leads to disaster.
Also, which of A or B is behind your firewall?
Assuming Shorewall is on your firewall, if A and B are
both outside the firewall on the open Internet, it
would seem the traffic would never traverse the system
with your rule at all. I must be on the wrong track
here...)
thanks!
-Chuck Kollars
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
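
The DNAT/REDIRECT distinction and the two meanings of the colon described in the reply above, laid out as an added Shorewall "rules" fragment (not part of the original message). The first entry is the one from the reply; the other two are constructed alternatives for the same incoming port, shown side by side for comparison, and only one of the three would be used in a real file.

```conf
# /etc/shorewall/rules (constructed fragment for illustration)
#ACTION    SOURCE   DEST                 PROTO   DPORT

# Change machine AND port: connections from the net zone to tcp/2647
# are forwarded to 172.16.1.51 port 22 in the loc zone.
# In DEST the first colon separates zone from address, and the second
# separates address from port (it is not a range here).
DNAT       net      loc:172.16.1.51:22   tcp     2647

# Alternative: change machine only. With no port after the address,
# the original destination port (2647) is kept.
DNAT       net      loc:172.16.1.51      tcp     2647

# Alternative: change port only, same machine. REDIRECT delivers
# tcp/2647 to port 22 on the firewall itself, so DEST is just the
# local port number.
REDIRECT   net      22                   tcp     2647
```

Running `shorewall check` after editing the file compiles the configuration without applying it, which catches column and syntax mistakes before the firewall is restarted.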