On 10/10/13 17:55, johnny bowen wrote:
> REDIRECT        net           22          tcp          902

Thanks for thinking about it Johnny, but I said in my first post that I 
couldn't make REDIRECT work in my situation.

Still, I don't want to seem ungrateful, so I reconfigured as follows:

REDIRECT        loc           80          tcp          8080

I then tried to access the fake web server on the firewall in 4 
different ways:

* http://<outside snat ip address>:80 and http://<inside lan ip 
address>:80 both failed with Shorewall:loc2fw:REJECT log messages.

* http://<outside snat ip address>:8080 and http://<inside lan ip 
address>:8080 fail to reply, but nothing is logged.

My fake server is listening on 0.0.0.0:8080, and "wget 
http://127.0.0.1:8080" from the firewall itself works fine.

The good news is that my genuine clients can still successfully access 
web servers on the internet (via the snat ip address on the firewall).


I'm still confused!

Brian



_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
