Opened 13 years ago
Last modified 13 years ago
#124 new enhancement
Rules without set interface
Reported by: | Nemesiz | Owned by: | Victor Julien |
---|---|---|---|
Priority: | minor | Milestone: | undecided |
Component: | suite | Version: | |
Keywords: | | Cc: | |
Description
My network is like this one:
eth0 - internet
eth1 (192.168.0.0/24), eth2 (192.168.1.0/24), vmbr1 (10.10.10.0/24) - lan
I'm redirecting incoming connections from outside eth0 (port 80) to lan_IP (port 81)
RULE="Dnat service VPS_web from world.INET to web.ip.VPS options remoteport="81"
Vuurmuur makes a rule
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --syn -s 0.0.0.0/0.0.0.0 --sport 1024:65535 -d IP/255.255.255.255 --dport 80 -m state --state NEW -j DNAT --to-destination 10.10.10.12:81
Works fine for outside computers, but for LAN computers that doesn't work, and if you remove "-i eth0", LAN computers can work just fine.
This way I can make it easier for my IPTV - rules without interface.
If I understand the problem correctly, the "bounce" action is what you'd need here. However that won't support the listenport and remoteport options... will add that at some point in time...
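An added example, not part of the ticket and not Vuurmuur's generated output: a dry-run script that prints plain iptables NAT rules for the port forward described above, one PREROUTING rule per ingress interface plus a hairpin MASQUERADE for clients that share the web server's subnet. The public address 203.0.113.10 and the function name `gen_dnat` are assumptions; the interfaces, subnets and ports are the ones given in the ticket.

```shell
#!/bin/sh
# Added example: prints rules only, applies nothing. The match set is
# simplified compared with the rule quoted in the ticket (no --syn,
# no source-port range, no state match).

# gen_dnat PUBLIC_IP PUBLIC_PORT TARGET_IP TARGET_PORT TARGET_IF TARGET_NET IFACE...
gen_dnat() {
    pub_ip=$1 pub_port=$2 tgt_ip=$3 tgt_port=$4 tgt_if=$5 tgt_net=$6
    shift 6

    # A LAN client's packet to the public address arrives on its LAN
    # interface, so a rule pinned to "-i eth0" never sees it. Emitting one
    # rule per ingress interface keeps the forward scoped to known interfaces
    # instead of dropping "-i" altogether.
    for ifc in "$@"; do
        echo "iptables -t nat -A PREROUTING -i $ifc -p tcp -d $pub_ip --dport $pub_port -j DNAT --to-destination $tgt_ip:$tgt_port"
    done

    # Hairpin case: a client on the target's own subnet would get the reply
    # straight from the server (source TARGET_IP:TARGET_PORT), which does not
    # match the connection it opened to PUBLIC_IP:PUBLIC_PORT. Masquerading
    # that traffic forces the reply back through the firewall so the DNAT
    # is reversed. Only needed when TARGET_IF is one of the ingress interfaces.
    for ifc in "$@"; do
        if [ "$ifc" = "$tgt_if" ]; then
            echo "iptables -t nat -A POSTROUTING -o $tgt_if -s $tgt_net -d $tgt_ip -p tcp --dport $tgt_port -j MASQUERADE"
        fi
    done
}

# Topology from the ticket; 203.0.113.10 is a constructed stand-in for the
# public IP that the ticket writes as "IP".
gen_dnat 203.0.113.10 80 10.10.10.12 81 vmbr1 10.10.10.0/24 eth0 eth1 eth2 vmbr1
```

The filter table still has to permit the forwarded traffic to 10.10.10.12:81 from each of those interfaces; this script covers the nat table only.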