Thanks, Tom. I will try that. To your question: let's say there are DNS requests to IP 4.2.2.2 udp/tcp 53 and I want to DNAT those to a different DNS server (say 8.8.8.8).

Thanks,
Naveen

On Fri, Jan 18, 2019 at 9:36 AM Tom Eastep <teas...@shorewall.net> wrote:

> On 1/18/19 8:52 AM, Tom Eastep wrote:
> > On 1/17/19 10:25 PM, Naveen Neelakanta wrote:
> >> Hi Tom,
> >>
> >> I was testing for a requirement for supporting for SNAT and DNAT support
> >> for either direction outside to inside or inside to outside on the
> >> interface configuration.
> >> Hence I was testing DNAT rule on either direction, I was able to
> >> achieve this but with any zone, could not restrict on just the
> >> interface.
> >>
> >
> > My question is "What problem are you trying to solve by having DNAT
> > rules that are independent of the incoming zone?".
> >
>
> But if you *really* want to do it, the following will forward all
> incoming icmp packets addressed to 1.1.1.1 to 8.8.8.8. Note that this
> only does the DNAT and does not generate any accompanying ACCEPT rules
> in the filter table
>
> /etc/shorewall/actions:
>
> Dnat
>
> /etc/shorewall/action.Dnat
>
> DNAT @1 @2
>
> /etc/shorewall/rules
>
> Dnat(eth0, 8.8.8.8) all!$FW all icmp - - 1.1.1.1
>
> -Tom
> --
> Tom Eastep        \   Q: What do you get when you cross a mobster with
> Shoreline,         \     an international standard?
> Washington, USA     \ A: Someone who makes you an offer you can't
> http://shorewall.org \   understand
>                       \_______________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users