It sounded like he knew the offending machine, not the offending program.
On Thu, Oct 10, 2013 at 2:51 PM, Dominic Benson <[email protected]>wrote:
>
>
> On 10 Oct 2013, at 20:45, johnny bowen <[email protected]> wrote:
>
> Dominic,
>
> With the orginal destination column you can restrict the scope of 'traffic
> to', not 'traffic from'. In his case he's looking to trap some packets from
> 'traffic from' .
>
>
> I thought from the original post that the *source* of the offending
> requests was unknown.
>
> Restricting traffic to would prevent redirection of requests to other port
> 80 services.
>
>
>
> I think the following example explains it better:
>
> Example 5: All http requests from the internet to address 130.252.100.69are
> to be forwarded to 192.168.1.3
>
> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
> # PORT PORT(S) DEST
> DNAT net loc:192.168.1.3 tcp 80 - 130.252.100.69
>
>
>
> On Thu, Oct 10, 2013 at 11:18 AM, Dominic Benson <[email protected]>wrote:
>
>>
>> > On 10 Oct 2013, at 18:52, Brian Burch <[email protected]> wrote:
>> >
>> >> On 10/10/13 17:55, johnny bowen wrote:
>> >> REDIRECT net 22 tcp 902
>> >
>> > Thanks for thinking about it Johnny, but I said in my first post that I
>> > couldn't make REDIRECT work in my situation.
>>
>> Isn't it possible to restrict the scope of the redirect using the
>> ORIGINAL_DEST column - e.g.:
>>
>> REDIRECT loc 80 tcp 8080 - 1.2.3.4
>>
>> (I haven't tried, so I may be off here)
>>
>>
>>
>> ------------------------------------------------------------------------------
>> October Webinars: Code for Performance
>> Free Intel webinars can help you accelerate application performance.
>> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
>> from
>> the latest Intel processors and coprocessors. See abstracts and register >
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
> from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
> from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
