Opened 6 years ago

Last modified 6 years ago

#47 new enhancement

Extend DNAT rules

Reported by: victor Owned by: victor
Priority: major Milestone: undecided
Component: suite Version:
Keywords: Cc:

Description

DNAT rules can currently only go to a host in the Vuurmuur rules syntax. We should allow not just DNATting traffic to the firewall, but also to a network. This will be hard to do in the rules syntax.

Change History (8)

comment:1 follow-up: Changed 6 years ago by victor

The idea is to enable creating rules like this:
$IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900

comment:2 Changed 6 years ago by victor

  • Owner changed from adi to victor
  • Status changed from new to assigned

comment:3 Changed 6 years ago by victor

  • Owner changed from victor to adi
  • Status changed from assigned to new

comment:4 in reply to: ↑ 1 ; follow-up: Changed 6 years ago by adi

Replying to victor:

The idea is to enable creating rules like this:
$IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900

I think I do not fully grasp?!

comment:5 in reply to: ↑ 4 Changed 6 years ago by victor

Replying to adi:

Replying to victor:

The idea is to enable creating rules like this:
$IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900

I think I do not fully grasp?!

In Vuurmuur Portfw and DNAT only work for traffic destined to the firewall itself. Traffic that passed the firewall can not be redirected to a different IP... thats what some ppl need, thats what I'd like to support. More clear?

comment:6 Changed 6 years ago by adi

  • Status changed from new to assigned

comment:7 Changed 6 years ago by adi

  • Owner changed from adi to victor
  • Status changed from assigned to new

probably I am not the right person for this... ;-)

comment:8 Changed 6 years ago by victor

We need this to be able to create rules like here at 6.1:
http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#s6

Note: See TracTickets for help on using tickets.