Ticket #47 (new enhancement)

Opened 8 months ago

Last modified 8 months ago

Extend DNAT rules

Reported by: victor
Assigned to: victor
Priority: major
Milestone: undecided
Component: suite
Version:
Keywords:
Cc:

Description

DNAT rules can currently only go to a host in the Vuurmuur rules syntax. We should allow not just DNATting traffic to the firewall, but also to a network. This will be hard to do in the rules syntax.

Change History

(follow-up: ↓ 4 ) 05/19/08 11:11:04 changed by victor

The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900

05/19/08 11:12:10 changed by victor

  • owner changed from adi to victor.
  • status changed from new to assigned.

05/19/08 11:12:26 changed by victor

  • owner changed from victor to adi.
  • status changed from assigned to new.

(in reply to: ↑ 1 ; follow-up: ↓ 5 ) 05/19/08 11:18:18 changed by adi

Replying to victor:

The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900

I think I do not fully grasp?!

(in reply to: ↑ 4 ) 05/19/08 11:20:38 changed by victor

Replying to adi:

Replying to victor:

The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900

I think I do not fully grasp?!

In Vuurmuur, Portfw and DNAT only work for traffic destined to the firewall itself. Traffic that passed the firewall cannot be redirected to a different IP... that's what some people need, that's what I'd like to support. More clear?
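Added example, not part of the ticket and not Vuurmuur code: a dry-run shell generator for the rule shape quoted in this thread. It prints the PREROUTING DNAT rule together with the FORWARD rule the rewritten packet must then pass, and takes an optional original destination so the rewrite can be limited to one host or network. The helper names, `eth1` (standing in for `$DMZIF`) and `10.0.0.0/24` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Vuurmuur code): dry-run generator that only PRINTS rules.
# Helper names, eth1 and 10.0.0.0/24 are constructed for illustration.

is_port() {   # decimal 1-65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {   # a.b.c.d with an optional /0-32 prefix length
    addr=${1%%/*}
    case "$1" in */*)
        len=${1#*/}
        case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
        [ "$len" -le 32 ] || return 1 ;;
    esac
    case "$addr" in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# dnat_rules IFACE PROTO DPORT TARGET_IP TARGET_PORT [ORIG_DST]
# ORIG_DST (host or CIDR) limits the rewrite to packets sent to that address.
dnat_rules() {
    iface=$1 proto=$2 dport=$3 tip=$4 tport=$5 odst=${6:-}
    ipt=${IPTABLES:-iptables} match=""
    case "$iface" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad protocol" >&2; return 1 ;; esac
    is_port "$dport" && is_port "$tport" || { echo "bad port" >&2; return 1; }
    case "$tip" in */*) echo "target must be one host" >&2; return 1 ;; esac
    is_ipv4 "$tip" || { echo "bad target address" >&2; return 1; }
    if [ -n "$odst" ]; then
        is_ipv4 "$odst" || { echo "bad original destination" >&2; return 1; }
        match=" -d $odst"
    fi
    # nat/PREROUTING rewrites the destination before the routing decision.
    echo "$ipt -t nat -A PREROUTING -i $iface$match -p $proto --dport $dport -j DNAT --to-destination $tip:$tport"
    # The rewritten packet is then filtered in FORWARD with its NEW destination.
    echo "$ipt -A FORWARD -i $iface -d $tip -p $proto --dport $tport -j ACCEPT"
}

# Rule shape from the ticket, then the same rule scoped to one network.
dnat_rules eth1 tcp 5900 192.168.0.100 5900
dnat_rules eth1 tcp 5900 192.168.0.100 5900 10.0.0.0/24
```

Without an original destination the generated DNAT rule matches every connection to that port arriving on the interface, whatever address it was sent to; passing `ORIG_DST` adds the `-d` match that narrows it.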

05/19/08 11:25:06 changed by adi

  • status changed from new to assigned.

05/19/08 11:25:57 changed by adi

  • owner changed from adi to victor.
  • status changed from assigned to new.

Probably I am not the right person for this... ;-)