Bráulio Gergull wrote: > Hi all, > > I've been using SuSE and SuSEfirewall for a long time, and now I'm > giving Shorewall a try. It's a great piece of software and I have > already moved some systems to Ubuntu and Shorewall very easily, just > following the docs. > > But now I'm moving another system and am facing a problem that I could > not find in the docs. > > How do I do MASQUERADING to a specific target? ... > > I first would put it in masq file, but I couldn't find a way to specify > the destination address and port.
First of all, using MASQUERADING as a means for controlling access is not a good idea. You should use MASQUERADING to rewrite the SOURCE IP address and you should use filter rules to control access. Then I would put it in the rules file, > but then and cannot specify MASQ as the action. > > What's the right way to do it? /etc/shorewall/masq: <external if>:xxx.xxx.xxx.xxx 192.168.0.0/24 - tcp 3389 /etc/shorewall/rules: ACCEPT loc:192.168.0.x-192.168.0.z tcp 3389 The latter, of course, assumes that your loc->net policy is not ACCEPT. > By the way, I'm running Ubuntu 8.0.4 LTS and Shorewall 4.0.6. There are 4.2 Shorewall packages available for Hardy -- see the Shorewall download page. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
