Re: [Shorewall-users] interface specific rules

Thu, 17 Jan 2019 22:27:04 -0800 

Hi Tom,

I was testing for a requirement for supporting for SNAT and DNAT support
for either direction outside to inside or inside to outside on the
interface configuration.
Hence I was testing DNAT rule on either direction, I was able to
achieve this but with any zone, could not restrict on just the interface.

Thanks,
Naveen

On Thu, Jan 17, 2019 at 6:33 PM Tom Eastep <teas...@shorewall.net> wrote:

> On 1/17/19 4:58 PM, Naveen Neelakanta wrote:
> >
> > I tried with this , was getting error .
> >
> > DNAT any:eth2:0.0.0.0/0 <http://0.0.0.0/0>      any:8.8.8.8      icmp
> >   -      -      1.1.1.1/32 <http://1.1.1.1/32>
> > ERROR: Source Interface (eth2) not allowed when the SOURCE is the
> > firewall /etc/shorewall/rules (line 21)
> >
> > So, I believe when we use interface, I have to specify its zone like the
> > below, which does not through any error.
> > I was looking for a way to use any and use the interface name.
> >
> > DNAT inet:eth2:0.0.0.0/0 <http://0.0.0.0/0>      any:8.8.8.8      icmp
> >     -      -      1.1.1.1/32 <http://1.1.1.1/32>
> >
> > Regards,
> > Naveen
> >
> >
> > On Thu, Jan 17, 2019 at 4:41 PM Justin Pryzby <pry...@telsasoft.com
> > <mailto:pry...@telsasoft.com>> wrote:
> >
> >     On Thu, Jan 17, 2019 at 04:02:13PM -0800, Naveen Neelakanta wrote:
> >     > Hi Tom,
> >     >
> >     > I have the below DNAT rule working, but I want to apply this rule
> >     only for
> >     > a specific interface,
> >     > can we achieve that?
> >     >
> >     > DNAT any:0.0.0.0/0 <http://0.0.0.0/0>      any:8.8.8.8      icmp
> >         -      -      1.1.1.1/32 <http://1.1.1.1/32>
> >
> >     It says:
> >     http://shorewall.net/manpages/shorewall-rules.html
> >
> >     SOURCE - source-spec[,...]
> >         Source hosts to which the rule applies.
> >         source-spec is one of the following:
> >     ....
> >     zone:interface
> >     ...
> >
>
> Why???
>
> -Tom
> --
> Tom Eastep        \   Q: What do you get when you cross a mobster with
> Shoreline,         \     an international standard?
> Washington, USA     \ A: Someone who makes you an offer you can't
> http://shorewall.org \   understand
>                       \_______________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users






















					Reply via email to