No, I just have a single zone on that interface.

cat /etc/shorewall/interfaces
    inet eth2 detect tcpflags,nosmurfs,logmartians

I tried the Dnat action method, but I did not see it getting translated. Below are the steps I did.

/etc/shorewall/action.Dnat
    DNAT @1 @2

/etc/shorewall/rules
    Dnat(eth2,8.8.8.8) all!$FW all icmp - - 1.1.1.1/32

Chain ~comb0 (11 references)
 pkts bytes target prot opt in   out source    destination
    0     0 DNAT   icmp --  eth2 *   0.0.0.0/0 1.1.1.1     to:8.8.8.8

Since the traffic is coming from the LAN and going out on the eth2 (WAN) interface, I believe I need to get eth2 to be in the out interface column. I tried a few things to get eth2 in the out column, but it did not help.

Any other suggestions?

Thanks,
Naveen

On Fri, Jan 18, 2019 at 11:16 AM Tom Eastep <teas...@shorewall.net> wrote:

> On 1/18/19 10:58 AM, Naveen Neelakanta wrote:
> > Thanks, Tom I will try that, to your question, let's say there are DNS
> > request to IP 4.2.2.2 udp/tcp 53 and I want to DNAT those to a different
> > DNS server (say 8.8.8.8)
> >
> >
>
> I get that. In the example you sent, you used 'any' rather than 'all'.
> Is it that you have multiple zones on an interface (possibly nested) and
> you want DNS requests from all of those zones to be forwarded?
>
> -Tom
> --
> Tom Eastep        \ Q: What do you get when you cross a mobster with
> Shoreline,         \ an international standard?
> Washington, USA     \ A: Someone who makes you an offer you can't
> http://shorewall.org \ understand
>                       \_______________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>