Opened 8 years ago
Last modified 8 years ago
#47 new enhancement
Extend DNAT rules
| Reported by: | victor | Owned by: | victor |
|---|---|---|---|
| Priority: | major | Milestone: | undecided |
| Component: | suite | Version: | |
| Keywords: | Cc: |
Description
DNAT rules can currently only go to a host in the Vuurmuur rules syntax. We should allow not just DNATting traffic to the firewall, but also to a network. This will be hard to do in the rules syntax.
Change History (8)
comment:1 follow-up: ↓ 4 Changed 8 years ago by victor
comment:2 Changed 8 years ago by victor
- Owner changed from adi to victor
- Status changed from new to assigned
comment:3 Changed 8 years ago by victor
- Owner changed from victor to adi
- Status changed from assigned to new
comment:4 in reply to: ↑ 1 ; follow-up: ↓ 5 Changed 8 years ago by adi
Replying to victor:
The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900
I think I do not fully grasp?!
comment:5 in reply to: ↑ 4 Changed 8 years ago by victor
Replying to adi:
Replying to victor:
The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900
I think I do not fully grasp?!
In Vuurmuur Portfw and DNAT only work for traffic destined to the firewall itself. Traffic that passed the firewall can not be redirected to a different IP... thats what some ppl need, thats what I'd like to support. More clear?
comment:6 Changed 8 years ago by adi
- Status changed from new to assigned
comment:7 Changed 8 years ago by adi
- Owner changed from adi to victor
- Status changed from assigned to new
probably I am not the right person for this... ;-)
comment:8 Changed 8 years ago by victor
We need this to be able to create rules like here at 6.1: http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#s6
The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900