On 12/13/18 12:40 AM, HÖGLUND, Göran via Shorewall-users wrote:
> Hi
>
> I can not figure out how to DNAT traffic from a specific IP address in
> one zone to a specific IP address in another zone and let all other
> traffic be treated "normally".
>
> My idea is:
>
> DNAT loc:192.168.0.2 dmz:192.168.1.2 udp 53
>
> Seems to fail ...
That rule will forward UDP DNS requests from 192.168.0.2 in the loc zone to the DNS server at 192.168.1.2 in the dmz zone, PROVIDED THAT there are no existing conntrack entries for udp 53 from 192.168.0.2 to whatever the original destination address in the request was. If the conntrack utility is installed, you can delete any such entries via:

conntrack -D -s 192.168.0.2 -p udp --dport 53

-Tom
--
Tom Eastep            \ Q: What do you get when you cross a mobster with
Shoreline,             \    an international standard?
Washington, USA         \ A: Someone who makes you an offer you can't
http://shorewall.org     \    understand
                          \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
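The reason Tom's caveat matters is that DNAT is only evaluated for the first packet of a flow; once conntrack holds an entry for udp/53 from 192.168.0.2 to the original resolver, every later query matches that entry and is never rewritten to 192.168.1.2. The script below is an added example, not part of the thread or of Shorewall itself: it parses `conntrack -L` style output (a constructed sample is embedded; the key=value layout with the original tuple first and the reply tuple second is how the real tool prints it), lists the udp/53 flows from the client that still point at the old destination, and only then prints the delete command from Tom's reply. The client and target addresses are the ones from Göran's rule; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the Shorewall list thread): find conntrack entries
# that would make a freshly added DNAT rule appear to "fail".
#
# Rule from the thread (rules file):
#   DNAT loc:192.168.0.2 dmz:192.168.1.2 udp 53
# The nat table only sees the first packet of a flow. Any udp/53 flow from
# 192.168.0.2 that conntrack already knows about keeps its original
# destination, so the new rule is silently bypassed for that flow.

CLIENT="192.168.0.2"     # loc host whose DNS queries are to be redirected
DNS_TARGET="192.168.1.2" # dmz DNS server the DNAT rule points at

# Constructed sample of `conntrack -L` output (assumption: same key=value
# layout as the real tool; the first src/dst/sport/dport quadruple is the
# original direction, the second is the reply direction).
#  line 1: stale flow to 8.8.8.8 created before the rule -> must be flushed
#  line 2: flow already DNATed (reply comes from 192.168.1.2) -> leave alone
#  line 3: another host, not covered by the rule             -> leave alone
#  line 4: unrelated TCP flow                                -> leave alone
SAMPLE_CONNTRACK='udp      17 28 src=192.168.0.2 dst=8.8.8.8 sport=40321 dport=53 src=8.8.8.8 dst=192.168.0.2 sport=53 dport=40321 mark=0 use=1
udp      17 29 src=192.168.0.2 dst=8.8.8.8 sport=40322 dport=53 src=192.168.1.2 dst=192.168.0.2 sport=53 dport=40322 mark=0 use=1
udp      17 17 src=192.168.0.3 dst=8.8.8.8 sport=51000 dport=53 src=8.8.8.8 dst=192.168.0.3 sport=53 dport=51000 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.0.2 dst=10.0.0.5 sport=50001 dport=443 src=10.0.0.5 dst=192.168.0.2 sport=443 dport=50001 [ASSURED] mark=0 use=1'

# Read conntrack output on stdin and print the original-direction tuple of
# every udp/53 flow from $CLIENT whose reply does NOT come from $DNS_TARGET,
# i.e. flows that were established before the DNAT rule existed.
stale_dns_flows() {
    awk -v client="$CLIENT" -v target="$DNS_TARGET" '
        $1 != "udp" { next }
        {
            for (i = 1; i <= NF; i++) {
                if (split($i, kv, "=") != 2) continue   # skips [ASSURED] etc.
                key = kv[1]
                if (key == "src" || key == "dst" || key == "sport" || key == "dport") {
                    # first occurrence is the original tuple, second the reply tuple
                    if (!(key in orig)) orig[key] = kv[2]
                    else                reply[key] = kv[2]
                }
            }
            if (orig["src"] == client && orig["dport"] == "53" && reply["src"] != target)
                print orig["src"] ":" orig["sport"] " -> " orig["dst"] ":" orig["dport"]
            split("", orig); split("", reply)   # portable way to clear the arrays
        }'
}

# Print the flush command from the reply only when a stale flow exists, so
# an admin can review the list before deleting anything.
flush_command() {
    if [ -n "$(printf '%s\n' "$SAMPLE_CONNTRACK" | stale_dns_flows)" ]; then
        echo "conntrack -D -s $CLIENT -p udp --dport 53"
    else
        echo "nothing to delete"
    fi
}

# Stand-alone run against the constructed sample.
echo "stale udp/53 flows from $CLIENT:"
printf '%s\n' "$SAMPLE_CONNTRACK" | stale_dns_flows
echo "suggested action: $(flush_command)"
```

On a real firewall, replace the sample with live data, for example `conntrack -L -p udp --dport 53 | stale_dns_flows`, confirm the listed flows are the ones you expect, then run the `conntrack -D` line from Tom's reply (or a narrower `conntrack -D -s 192.168.0.2 -d <old-resolver> -p udp --dport 53` if only one stale destination is involved). New queries from 192.168.0.2 then create fresh entries and get DNATed to 192.168.1.2 as the rule intends.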