Nerijus Baliunas <[email protected]> wrote:
> I have in rules file:
> DNAT net loc:10.10.10.12 tcp 443
>
> I want to temporarily open 443 on firewall itself so that connections to tcp port 443
> from outside would go to fw, not 10.10.10.12.
>
> I run command:
> # shorewall open all 81.x.x.x tcp 443
> Firewall dynamically opened for connections from all to 81.x.x.x tcp port 443
>
> 81.x.x.x is my external interface IP addr.
>
> But if I open https://81.x.x.x from outside I still am forwarded to
> 10.10.10.12.

According to the diagram at http://www.shorewall.org/NetfilterOverview.html the NAT rules are processed before the input filter. So the rule created by the open command will have no effect as the packet will not make it that far - it's been through the nat table first.
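
An added illustration, not part of the original messages: a minimal Python model of the hook order described in the reply, showing why the dynamically opened INPUT rule is never consulted while the DNAT rule is active. The addresses 203.0.113.10 (standing in for the elided 81.x.x.x) and 198.51.100.7 are constructed, and the rule tables are simplified stand-ins, not Shorewall's generated ruleset.

```python
from dataclasses import dataclass, replace

FW_EXT_IP = "203.0.113.10"   # constructed stand-in for the elided 81.x.x.x
LOCAL_IPS = {FW_EXT_IP}      # addresses owned by the firewall itself


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


# nat PREROUTING: (proto, dport) -> new destination, modelling the DNAT rule
NAT_PREROUTING = {("tcp", 443): "10.10.10.12"}
# filter INPUT: (dst, proto, dport) accepted, modelling the dynamic "open"
FILTER_INPUT_ACCEPT = {(FW_EXT_IP, "tcp", 443)}


def traverse(pkt, nat_rules=NAT_PREROUTING):
    """Return (hooks visited, final packet, verdict) for an inbound packet."""
    path = ["nat/PREROUTING"]
    new_dst = nat_rules.get((pkt.proto, pkt.dport))
    if new_dst:  # DNAT rewrites the destination before any filter chain runs
        pkt = replace(pkt, dst=new_dst)
    # The routing decision uses the (possibly rewritten) destination.
    if pkt.dst in LOCAL_IPS:
        path.append("filter/INPUT")
        ok = (pkt.dst, pkt.proto, pkt.dport) in FILTER_INPUT_ACCEPT
        return path, pkt, "ACCEPT to firewall" if ok else "DROP"
    # Assumption: the FORWARD chain accepts, as the poster observed.
    path.append("filter/FORWARD")
    return path, pkt, f"FORWARD to {pkt.dst}"


def demo():
    pkt = Packet("198.51.100.7", FW_EXT_IP, "tcp", 443)  # constructed client
    return traverse(pkt), traverse(pkt, nat_rules={})


if __name__ == "__main__":
    for label, (path, pkt, verdict) in zip(("DNAT active", "DNAT absent"), demo()):
        print(f"{label}: {' -> '.join(path)} => {verdict}")
```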
