Hello,

We are using several DNAT rules for incoming traffic to our network, and several more MASQ rules for outgoing traffic. Now, I have a request for a mechanical controls system which needs a DNAT for a single UDP port, but also needs a MASQ rule for accessing web traffic. The machine will be a private IP inside our LAN, routed by our Cisco router to the firewall running shorewall.

ie: I have this in rules:

    DNAT net sls:10.2.251.10:21068 udp 21068 - x.x.x.x

(x.x.x.x = firewall eth1 address)

and this in masq:

    eth1 $VLAN251 64.251.72.14

I'm guessing this won't work. Is there another way to achieve this without adding another external IP to the firewall?

shorewall version 2.2.0 (I know, it's old)

two nics as follows:

    eth1 (net) <-> [fw] <-> eth0 (int) <-> [Cisco] <-> local 10.x.x.x subnets

both eth1 and eth0 are on public routable networks, everything behind the Cisco is private.

Thanks.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]
