On 1/18/19 8:52 AM, Tom Eastep wrote:
> On 1/17/19 10:25 PM, Naveen Neelakanta wrote:
>> Hi Tom,
>>
>> I was testing for a requirement for supporting for SNAT and DNAT support
>> for either direction outside to inside or inside to outside on the
>> interface configuration.
>> Hence I was testing DNAT rule on either direction, I was able to
>> achieve this but with any zone, could not restrict on just the interface.
>>
>
> My question is "What problem are you trying to solve by having DNAT
> rules that are independent of the incoming zone?".
>

But if you *really* want to do it, the following will forward all
incoming icmp packets addressed to 1.1.1.1 to 8.8.8.8. Note that this
only does the DNAT and does not generate any accompanying ACCEPT rules
in the filter table.

/etc/shorewall/actions:

    Dnat

/etc/shorewall/action.Dnat

    DNAT    @1      @2

/etc/shorewall/rules

    Dnat(eth0, 8.8.8.8)     all!$FW     all     icmp    -       -       1.1.1.1

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
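
The reply above notes that the action performs only the DNAT and creates no accompanying ACCEPT rules in the filter table. The following added example (not from the original message and not Shorewall code) is a heuristic check over an `iptables-save` dump that lists DNAT targets for which no filter-table ACCEPT rule names a covering destination. The sample dump is constructed and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed, simplified iptables-save dump; Shorewall's real chains differ.
SAMPLE = """\
*nat
-A PREROUTING -d 1.1.1.1/32 -i eth0 -p icmp -j DNAT --to-destination 8.8.8.8
-A PREROUTING -d 1.1.1.2/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.5:8080
COMMIT
*filter
-A FORWARD -d 10.0.0.0/24 -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Yield (table, tokens) for every '-A' rule in the dump."""
    table = None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            yield table, shlex.split(line)

def opt(tokens, flag):
    """Value following a non-negated flag, or None if absent."""
    for i, tok in enumerate(tokens[:-1]):
        if tok == flag and (i == 0 or tokens[i - 1] != "!"):
            return tokens[i + 1]
    return None

def unfiltered_dnat(dump):
    """Return (proto, target) for DNAT rules lacking a filter-table ACCEPT."""
    rules = list(parse(dump))
    accepts = [t for tbl, t in rules
               if tbl == "filter" and opt(t, "-j") == "ACCEPT" and opt(t, "-d")]
    missing = []
    for tbl, t in rules:
        if tbl != "nat" or opt(t, "-j") != "DNAT":
            continue
        # IPv4 only: target may be addr, addr:port or addr1-addr2; keep first addr.
        target = opt(t, "--to-destination").split(":")[0].split("-")[0]
        addr, proto = ipaddress.ip_address(target), opt(t, "-p")
        if not any(addr in ipaddress.ip_network(opt(a, "-d"), strict=False)
                   and opt(a, "-p") in (None, proto) for a in accepts):
            missing.append((proto, target))
    return missing

if __name__ == "__main__":
    print(unfiltered_dnat(SAMPLE))
```

On a live firewall, pass the output of `iptables-save` instead of `SAMPLE`. ACCEPT rules without an explicit `-d` are ignored, so treat each hit as an item to review rather than a confirmed gap.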