Opened 12 years ago
Last modified 12 years ago
#47 new enhancement
Extend DNAT rules
| Reported by: | Victor Julien | Owned by: | Victor Julien |
|---|---|---|---|
| Priority: | major | Milestone: | undecided |
| Component: | suite | Version: | |
| Keywords: | Cc: |
Description
DNAT rules can currently only go to a host in the Vuurmuur rules syntax. We should allow not just DNATting traffic to the firewall, but also to a network. This will be hard to do in the rules syntax.
Change History (8)
follow-up: 4 comment:1 by , 12 years ago
comment:2 by , 12 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 12 years ago
| Owner: | changed from to |
|---|---|
| Status: | assigned → new |
follow-up: 5 comment:4 by , 12 years ago
Replying to victor:
The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900
I think I do not fully grasp?!
comment:5 by , 12 years ago
Replying to adi:
Replying to victor:
The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900
I think I do not fully grasp?!
In Vuurmuur Portfw and DNAT only work for traffic destined to the firewall itself. Traffic that passed the firewall can not be redirected to a different IP... thats what some ppl need, thats what I'd like to support. More clear?
comment:6 by , 12 years ago
| Status: | new → assigned |
|---|
comment:7 by , 12 years ago
| Owner: | changed from to |
|---|---|
| Status: | assigned → new |
probably I am not the right person for this... ;-)
comment:8 by , 12 years ago
We need this to be able to create rules like here at 6.1: http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#s6
The idea is to enable creating rules like this: $IPTABLES -t nat -A PREROUTING -i $DMZIF -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.100:5900