Opened 11 years ago
Last modified 11 years ago
#47 new enhancement
Extend DNAT rules
| Reported by: | Victor Julien | Owned by: | Victor Julien |
|---|---|---|---|
| Priority: | major | Milestone: | undecided |
| Component: | suite | Version: | |
| Keywords: | Cc: |
Description
DNAT rules can currently only go to a host in the Vuurmuur rules syntax. We should allow not just DNATting traffic to the firewall, but also to a network. This will be hard to do in the rules syntax.
Change History (8)
comment:1 follow-up: 4 Changed 11 years ago by
comment:2 Changed 11 years ago by
| Owner: | changed from Adi Kriegisch to Victor Julien |
|---|---|
| Status: | new → assigned |
comment:3 Changed 11 years ago by
| Owner: | changed from Victor Julien to Adi Kriegisch |
|---|---|
| Status: | assigned → new |
comment:4 follow-up: 5 Changed 11 years ago by
Replying to victor:
The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900
I think I do not fully grasp?!
comment:5 Changed 11 years ago by
Replying to adi:
Replying to victor:
The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900
I think I do not fully grasp?!
In Vuurmuur Portfw and DNAT only work for traffic destined to the firewall itself. Traffic that passed the firewall can not be redirected to a different IP... thats what some ppl need, thats what I'd like to support. More clear?
comment:6 Changed 11 years ago by
| Status: | new → assigned |
|---|
comment:7 Changed 11 years ago by
| Owner: | changed from Adi Kriegisch to Victor Julien |
|---|---|
| Status: | assigned → new |
probably I am not the right person for this... ;-)
comment:8 Changed 11 years ago by
We need this to be able to create rules like here at 6.1: http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#s6
The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900