Hi

We have a Shorewall configuration where we:

* set up one-to-one NAT in the file /etc/shorewall/nat
* set up port forwarding rules for specific IPs and ports in /etc/shorewall/rules

So basically, what we want to achieve is that all traffic to IP 10.10.10.10 should point to inside 192.168.0.2 _except_ for port 80, which should go to 192.168.0.3.

Unfortunately, with this setup the more general one-to-one rule ends up in the NAT chain "nat_in", while the more specific port forwarding ends up in the chain "dnat". And, in the configuration generated by Shorewall, the nat_in chain is placed above the dnat chain. This is done in file "Misc.pm", lines 1446-1448.

Should we do our configuration some other way, or is this something that should be fixed in Shorewall?

BR,
David Westlund
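
The ordering problem described in the message, as an added example that is not part of the original post and is not Shorewall code: a simplified Python model of first-match DNAT that shows which rule rewrites a packet under each chain order and which rules are shadowed. The class and function names are hypothetical; the model assumes the chains are traversed in the order given and ignores interfaces and protocols.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DnatRule:
    dst: str                     # original destination address to match
    to: str                      # internal address the destination is rewritten to
    dport: Optional[int] = None  # None matches every port (one-to-one NAT)

    def matches(self, dst: str, dport: int) -> bool:
        return dst == self.dst and self.dport in (None, dport)


# Constructed rule sets mirroring the message (the addresses are the post's).
CHAINS = {
    "nat_in": [DnatRule("10.10.10.10", "192.168.0.2")],
    "dnat": [DnatRule("10.10.10.10", "192.168.0.3", dport=80)],
}


def translate(order, dst, dport):
    """Return (chain, new_dst) for the first matching rule; DNAT ends traversal."""
    for chain in order:
        for rule in CHAINS[chain]:
            if rule.matches(dst, dport):
                return chain, rule.to
    return None, dst  # no rule matched: destination unchanged


def shadowed(order):
    """Return (chain, rule) pairs that can never match because an earlier rule covers them."""
    seen, dead = [], []
    for chain in order:
        for rule in CHAINS[chain]:
            if any(e.dst == rule.dst and e.dport in (None, rule.dport) for e in seen):
                dead.append((chain, rule))
            seen.append(rule)
    return dead


if __name__ == "__main__":
    for order in (["nat_in", "dnat"], ["dnat", "nat_in"]):
        print("chain order:", " -> ".join(order))
        for port in (80, 22):
            chain, new_dst = translate(order, "10.10.10.10", port)
            print(f"  10.10.10.10:{port} -> {new_dst} (matched in {chain})")
        for chain, rule in shadowed(order):
            print(f"  never reached: {chain} rule for port {rule.dport} -> {rule.to}")
```
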
