On Sat, Apr 01, 2023 at 06:10:50PM +0200, Olivier Sannier wrote:
> Hello,
>
> I am using Shorewall 5.2.8 on a server that has three interfaces, one
> internal, one DMZ and one connected to the Internet.
> On that server, there is a service that binds itself only on localhost and
> that cannot be configured otherwise.
> As I would like to access it from the "loc" zone, I have tried writing this
> REDIRECT rule:
> REDIRECT loc lo:1883 tcp 1883 - &loc

For redirect, you shouldn't specify an interface or a zone.

> I tried looking in the documentation but I could find an example for
> REDIRECT rules

https://shorewall.org/manpages/shorewall-rules.html

It looks like the docs used to say this, but the language got changed
(and I think the removed language was more clear).

| The zone should be omitted in DNAT-, REDIRECT- and NONAT rules.
| If the ACTION is REDIRECT or REDIRECT-, this column needs only to
| contain the port number on the firewall that the request should be
| redirected to.

-- 
Justin