Hi,

I have a firewall host which has multiple IP addresses, i.e.

- 1.2.3.4
- 1.2.3.5
- 1.2.3.6

I have different applications listening on the same port 80 on IP 1.2.3.4 and 1.2.3.6. To access port 80 on these IPs, I have two ACCEPT rules like

> ACCEPT(MyApp)   net   $FW:1.2.3.4
> ACCEPT(MyApp2)  net   $FW:1.2.3.6

"MyApp" or "MyApp2" is a simple macro containing just

> PARAM   -   -   tcp   80

I now need to open MyApp2 on port 3080 in addition to port 80. However, I cannot tell the application to listen on both ports (the application can only bind to one port), so I want to use a REDIRECT rule. But how do I do that? A simple

> REDIRECT   net   $FW:1.2.3.6:80   tcp   3080

doesn't work (it looks like I cannot specify an IP address in REDIRECT rules, but plain iptables should support that, no?). But even without the IP address, i.e. like

> REDIRECT   net   $FW::80   tcp   3080

it doesn't work. A "telnet 1.2.3.6 3080" doesn't end up in the REJECT (my default policy) like without the rule, and I see

> Chain PREROUTING (policy ACCEPT 177 packets, 8611 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     9   456 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3080 redir ports 80

but the application listening on 1.2.3.6:80 didn't get the connection.

How can I get this working? It is important that 3080 should only be opened on IP 1.2.3.6 and should redirect to 1.2.3.6:80 on the same host...

Thanks!

--
Regards,
Igor
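An added illustration of the behaviour in the post above (not from the original thread or the Shorewall project): the iptables REDIRECT target rewrites the destination to the primary address of the incoming interface, so if 1.2.3.4 is eth0's primary address (an assumption here) a connection to 1.2.3.6:3080 lands on 1.2.3.4:80, which is why the existing ACCEPT for 1.2.3.4 swallows it and MyApp2 never sees it. The DNAT form below is an assumed rules-file line; check the DEST and ORIGDEST column syntax against the rules(5) man page of the installed Shorewall version.

```text
# --- what the posted "REDIRECT net $FW::80 tcp 3080" amounts to in plain iptables ---
# No destination address match (hence 0.0.0.0/0 in the listing), and REDIRECT
# rewrites the destination to eth0's PRIMARY address (assumed: 1.2.3.4):
#   iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3080 -j REDIRECT --to-ports 80
#
# Effect of "telnet 1.2.3.6 3080":
#   1.2.3.6:3080 -> 1.2.3.4:80  (MyApp, not MyApp2)
#   matches ACCEPT(MyApp) net $FW:1.2.3.4, so no REJECT is logged either.

# --- intended behaviour as an explicit DNAT, in plain iptables ---
# Match only packets originally addressed to 1.2.3.6 and rewrite them to the
# SAME address, port 80:
#   iptables -t nat -A PREROUTING -i eth0 -d 1.2.3.6 -p tcp --dport 3080 \
#            -j DNAT --to-destination 1.2.3.6:80

# --- the same rule in /etc/shorewall/rules (assumed column layout) ---
#ACTION   SOURCE   DEST              PROTO   DPORT   SPORT   ORIGDEST
DNAT      net      $FW:1.2.3.6:80    tcp     3080    -       1.2.3.6
# ORIGDEST restricts the match to connections whose original destination
# was 1.2.3.6, so port 3080 stays closed on 1.2.3.4 and 1.2.3.5.

# --- check after "shorewall restart" ---
# The destination column must now show 1.2.3.6 instead of 0.0.0.0/0, and the
# target must read DNAT ... to:1.2.3.6:80 rather than REDIRECT ... redir ports 80:
#   iptables -t nat -L PREROUTING -v -n
```

A REDIRECT rule with ORIGDEST (`REDIRECT net 80 tcp 3080 - 1.2.3.6`) would narrow which address is matched, but the packet would still be redirected to eth0's primary address, so it only gives the wanted result when 1.2.3.6 is that primary address.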