Thanks, works perfectly. I guess I should read the docs more carefully.

----- Original Message -----
From: "Tom Eastep" <[email protected]>
To: "Shorewall Users" <[email protected]>
Sent: Friday, January 29, 2010 5:41:16 PM
Subject: Re: [Shorewall-users] Redirecting a port from a specific external 
address

Nikolai K. Bochev wrote:
> Hello list,
> 
> My first time writing here :)
> 
> I have the following question - I have a setup on a certain server like
> this:
> 
> br0 -> external ip's ( port eth0 )
> br1 -> internal ip's ( port eth1 )
> 
> On br0 there are several IP addresses:
> 
> 8: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
>     link/ether 00:30:48:be:70:5c brd ff:ff:ff:ff:ff:ff
>     inet 212.116.129.230/30 brd 212.116.129.231 scope global br0
>     inet 213.145.99.115/29 scope global br0
>     inet6 fe80::230:48ff:febe:705c/64 scope link
>        valid_lft forever preferred_lft forever
> 
> 
> What I need to do is redirect port 80 to an internal address based on
> the IP address to which the request was made, i.e.:
> 
> 212.116.129.230/30 on port 80 goes to -> 192.168.1.254:80
> 213.145.99.115/29  on port 80 goes to -> 192.168.1.248:80
> 
> With normal iptables, I would achieve this with something like this:
> 
> 
> iptables -t nat -A PREROUTING -i br0 -d 212.116.129.230 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.248:80
> 
> How do I do this with Shorewall?
> 
> Also, 192.168.1.248:80 is the IP address of br1 (the firewall), if
> that matters.

Your question is addressed by example 5 in the shorewall-rules manpage.

In /etc/shorewall/rules:

DNAT    net     $FW:192.168.1.254       tcp     80   -  212.116.129.230

Given that you didn't tell us the location of the host with address
192.168.1.254, I can't tell you what the exact rule should be. But
whatever zone 'Z' that 192.168.1.254 is in, you will have:

DNAT    net     Z:192.168.1.254         tcp     80   -  212.116.129.230

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________


------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
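
Added example, not part of the original thread and not Shorewall's own code: a small Python sketch that maps the columns of the DNAT rule quoted above onto the raw iptables form from the question, to show that the last column (ORIGINAL DEST) is what becomes the "-d" match. Assumptions: the function names are hypothetical, the "net" zone is on br0 as in the question, only plain zone names and a single port are handled, and the output is a conceptual equivalent (Shorewall's compiler places its rules in its own chains).

```python
# Added illustration, not Shorewall code. Column order follows the DNAT lines in the thread.
COLUMNS = ("action", "source", "dest", "proto", "dport", "sport", "origdest")

# Constructed sample input: the rule from the reply, and the same rule without ORIGINAL DEST.
SAMPLE_RULES = [
    "DNAT    net     $FW:192.168.1.254       tcp     80   -  212.116.129.230",
    "DNAT    net     $FW:192.168.1.254       tcp     80",
]

def parse_rule(line):
    """Split one rules line into named columns; '-' or a missing column means unset."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None                      # blank line or comment
    if len(fields) > len(COLUMNS):
        raise ValueError("columns beyond ORIGINAL DEST are not handled here")
    fields += ["-"] * (len(COLUMNS) - len(fields))
    return {k: (None if v == "-" else v) for k, v in zip(COLUMNS, fields)}

def dnat_to_iptables(line, zone_iface):
    """Return a conceptually equivalent iptables command, or None for non-DNAT lines."""
    rule = parse_rule(line)
    if rule is None or rule["action"] != "DNAT":
        return None
    if rule["source"] not in zone_iface:
        raise ValueError("unknown or qualified source zone: %r" % rule["source"])
    zone, sep, target = (rule["dest"] or "").partition(":")
    if not sep or not target:
        raise ValueError("DNAT destination must be ZONE:ADDRESS[:PORT]")
    host, _, port = target.partition(":")
    port = port or rule["dport"]         # no explicit port: keep the matched port
    cmd = ["iptables", "-t", "nat", "-A", "PREROUTING", "-i", zone_iface[rule["source"]]]
    if rule["origdest"]:
        cmd += ["-d", rule["origdest"]]  # scopes the rule to one external address
    if rule["proto"]:
        cmd += ["-p", rule["proto"]]
    if rule["dport"]:
        cmd += ["--dport", rule["dport"]]
    if rule["sport"]:
        cmd += ["--sport", rule["sport"]]
    cmd += ["-j", "DNAT", "--to-destination", host + (":" + port if port else "")]
    return " ".join(cmd)

if __name__ == "__main__":
    for sample in SAMPLE_RULES:
        print(dnat_to_iptables(sample, {"net": "br0"}))
```

The second sample produces a command with no "-d" match, so port 80 on every address of br0 would be forwarded; with two external addresses going to different hosts, each rule needs its own ORIGINAL DEST value.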
