On Sat, Apr 01, 2023 at 06:10:50PM +0200, Olivier Sannier wrote:
> Hello,
> 
> I am using Shorewall 5.2.8 on a server that has three interfaces, one
> internal, one DMZ and one connected to the Internet.
> On that server, there is a service that binds itself only on localhost and
> that cannot be configured otherwise.
> As I would like to access it from the "loc" zone, I have tried writing this
> REDIRECT rule:
> REDIRECT       loc             lo:1883 tcp     1883    - &loc

For redirect, you shouldn't specify an interface or a zone.

> I tried looking in the documentation but I could find an example for
> REDIRECT rules

https://shorewall.org/manpages/shorewall-rules.html

It looks like the docs used to say this, but the language got changed
(and I think the removed language was more clear).

| The zone should be omitted in DNAT-, REDIRECT- and NONAT rules.

| If the ACTION is REDIRECT or REDIRECT-, this column needs only to
| contain the port number on the firewall that the request should be
| redirected to.

-- 
Justin


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
