On 1/17/19 4:58 PM, Naveen Neelakanta wrote: > > I tried with this , was getting error . > > DNAT any:eth2:0.0.0.0/0 <http://0.0.0.0/0> any:8.8.8.8 icmp > - - 1.1.1.1/32 <http://1.1.1.1/32> > ERROR: Source Interface (eth2) not allowed when the SOURCE is the > firewall /etc/shorewall/rules (line 21) > > So, I believe when we use interface, I have to specify its zone like the > below, which does not through any error. > I was looking for a way to use any and use the interface name. > > DNAT inet:eth2:0.0.0.0/0 <http://0.0.0.0/0> any:8.8.8.8 icmp > - - 1.1.1.1/32 <http://1.1.1.1/32> > > Regards, > Naveen > > > On Thu, Jan 17, 2019 at 4:41 PM Justin Pryzby <pry...@telsasoft.com > <mailto:pry...@telsasoft.com>> wrote: > > On Thu, Jan 17, 2019 at 04:02:13PM -0800, Naveen Neelakanta wrote: > > Hi Tom, > > > > I have the below DNAT rule working, but I want to apply this rule > only for > > a specific interface, > > can we achieve that? > > > > DNAT any:0.0.0.0/0 <http://0.0.0.0/0> any:8.8.8.8 icmp > - - 1.1.1.1/32 <http://1.1.1.1/32> > > It says: > http://shorewall.net/manpages/shorewall-rules.html > > SOURCE - source-spec[,...] > Source hosts to which the rule applies. > source-spec is one of the following: > .... > zone:interface > ... >
Why??? -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
