Opened 10 years ago

Last modified 9 years ago

#47 new enhancement

Extend DNAT rules

Reported by: Victor Julien
Owned by: Victor Julien
Priority: major
Milestone: undecided
Component: suite
Version:
Keywords:
Cc:

Description

DNAT rules can currently only go to a host in the Vuurmuur rules syntax. We should allow not just DNATting traffic to the firewall, but also to a network. This will be hard to do in the rules syntax.

Change History (8)

comment:1 Changed 10 years ago by Victor Julien

The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900

comment:2 Changed 10 years ago by Victor Julien

Owner: changed from Adi Kriegisch to Victor Julien
Status: changed from new to assigned

comment:3 Changed 10 years ago by Victor Julien

Owner: changed from Victor Julien to Adi Kriegisch
Status: changed from assigned to new

comment:4 in reply to:  1 ; Changed 10 years ago by Adi Kriegisch

Replying to victor:

> The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900

I think I do not fully grasp?!

comment:5 in reply to:  4 Changed 10 years ago by Victor Julien

Replying to adi:

> Replying to victor:
>
> > The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900
>
> I think I do not fully grasp?!

In Vuurmuur Portfw and DNAT only work for traffic destined to the firewall itself. Traffic that passed the firewall cannot be redirected to a different IP... that's what some ppl need, that's what I'd like to support. More clear?

comment:6 Changed 10 years ago by Adi Kriegisch

Status: changed from new to assigned

comment:7 Changed 10 years ago by Adi Kriegisch

Owner: changed from Adi Kriegisch to Victor Julien
Status: changed from assigned to new

Probably I am not the right person for this... ;-)

comment:8 Changed 9 years ago by Victor Julien

We need this to be able to create rules like here at 6.1: http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#s6
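The kind of rule asked for in comment:1 and comment:5, as an added example that is not part of the ticket or of Vuurmuur's code: a shell function that validates its arguments and prints the nat/PREROUTING DNAT rule together with the filter/FORWARD rule that has to match the rewritten destination. The function names and the interface name `eth1` are assumptions, and an existing rule accepting ESTABLISHED,RELATED traffic in FORWARD is assumed.

```shell
#!/bin/sh
# Added example, not Vuurmuur code. Prints iptables commands; applies nothing.
# Assumes the FORWARD chain already accepts ESTABLISHED,RELATED reply traffic.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Four dot-separated decimal octets, each 0-255.
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

dnat_forward_rules() {
    # Args: in-interface, protocol, original dport, new destination IP, new port
    [ "$#" -eq 5 ] || { echo "usage: dnat_forward_rules IF PROTO DPORT IP PORT" >&2; return 2; }
    iface=$1 proto=$2 dport=$3 dest_ip=$4 dest_port=$5
    # Reject anything that could be read as an extra option or shell syntax.
    case "$iface" in ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad protocol" >&2; return 1 ;; esac
    valid_port "$dport" || { echo "bad port: $dport" >&2; return 1; }
    valid_port "$dest_port" || { echo "bad port: $dest_port" >&2; return 1; }
    valid_ipv4 "$dest_ip" || { echo "bad address: $dest_ip" >&2; return 1; }
    # nat/PREROUTING runs before the routing decision and rewrites the destination.
    echo "iptables -t nat -A PREROUTING -i $iface -p $proto --dport $dport -j DNAT --to-destination $dest_ip:$dest_port"
    # filter/FORWARD sees the rewritten packet, so it matches the new IP and port.
    echo "iptables -A FORWARD -i $iface -p $proto -d $dest_ip --dport $dest_port -m conntrack --ctstate NEW -j ACCEPT"
}

# Constructed sample call using the port and address from comment:1.
dnat_forward_rules eth1 tcp 5900 192.168.0.100 5900
```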
