[Firehol-support] DNAT on service

Tsaousis, Costa costa at tsaousis.gr
Sun May 1 20:25:51 BST 2016


Oh. I see. You are right, but this is not implemented. You can write a loop
though:

# each entry of server_xbox_ports has the form proto/port
for x in ${server_xbox_ports}
do
   dnat to A proto "${x/\/*/}" dports "${x/*\//}"
done



On Sun, May 1, 2016 at 10:11 PM, Celedhrim <celed+firehol at ielf.org> wrote:

> Hi,
>
> Yes, I know that, but that's exactly what I don't want to do.
>
> Xbox needs:
>
>  * Port 88 (UDP)
>  * Port 3074 (UDP and TCP)
>  * Port 53 (UDP and TCP)
>  * Port 80 (TCP)
>  * Port 500 (UDP)
>  * Port 3544 (UDP)
>  * Port 4500 (UDP)
>
>
> It would be nicer to do
>
> dnat to $myxbox dst $wan_ip mycustomxboxservice
>
>
> Because if I define custom services, I can't reuse them in the dnat part.
>
> With the actual behaviour, I finally redefine the service in the dnat rules.
>
>
>
>
> On 01/05/2016 at 20:45, Tsaousis, Costa wrote:
>
>> The firehol dnat statement can do whatever you like:
>>
>>
>> # send to 10.0.0.10 all traffic towards 1.2.3.4
>> dnat to 10.0.0.10 dst 1.2.3.4
>>
>> # send to 10.0.0.10 all TCP traffic towards 1.2.3.4 port tcp/1000:2000
>> dnat to 10.0.0.10 dst 1.2.3.4 proto tcp dport 1000:2000
>>
>> etc.
>>
>> Costa
>>
>>
>>
>> On Sun, May 1, 2016 at 2:03 PM, Celedhrim <celed+firehol at ielf.org> wrote:
>>
>>     Hi,
>>
>>
>>     I am currently trying to translate my old pure iptables script to firehol.
>>
>>     But I cannot find how to dnat a service.
>>
>>
>>     Let me explain: a simple service is easy to DNAT, but take, for
>>     example, the xbox service.
>>
>>
>>     I need to dnat all ports to my xbox, so in the interface it is easy
>>     to accept, but in the dnat rules I need to define all ports one by one.
>>
>>
>>     Maybe I don't understand something, but I think it would be
>>     easier to nat a service to nat multiple ports.
>>
>>     _______________________________________________
>>     Firehol-support mailing list
>>     Firehol-support at lists.firehol.org
>>     <mailto:Firehol-support at lists.firehol.org>
>>     http://lists.firehol.org/mailman/listinfo/firehol-support
>>
>>
>>
>
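
The loop from the reply above, wrapped so that a custom service definition can be reused for DNAT. This is an added example, not part of the thread and not FireHOL's own code: `dnat_service` is a hypothetical helper, the port list is built from the ports named in the thread, the addresses are those of the quoted dnat examples, and the stub `dnat` exists only so the block runs outside FireHOL.

```shell
# Constructed from the port list in this thread, in FireHOL's proto/port form.
# This is the same variable that "server xbox accept" reads.
server_xbox_ports="udp/88 udp/3074 tcp/3074 udp/53 tcp/53 tcp/80 udp/500 udp/3544 udp/4500"
client_xbox_ports="default"

# Stand-in so the block runs outside FireHOL; in firehol.conf the real
# dnat helper already exists and this line does nothing.
type dnat >/dev/null 2>&1 || dnat() { echo "dnat $*"; }

# dnat_service TARGET SERVICE [extra dnat parameters...]   (hypothetical helper)
# Emits one dnat statement per proto/port entry of server_SERVICE_ports.
dnat_service() {
    local target="$1" service="$2" ports x
    [ $# -ge 2 ] || { echo "usage: dnat_service TARGET SERVICE [params]" >&2; return 1; }
    shift 2
    # The name is expanded through eval, so accept only identifier characters.
    case "$service" in
        ''|*[!A-Za-z0-9_]*) echo "dnat_service: bad service name" >&2; return 1 ;;
    esac
    eval "ports=\${server_${service}_ports}"
    [ -n "$ports" ] || { echo "dnat_service: server_${service}_ports is not set" >&2; return 1; }
    for x in $ports; do
        case "$x" in
            ?*/?*) dnat to "$target" "$@" proto "${x%%/*}" dport "${x##*/}" ;;
            *) echo "dnat_service: skipping malformed entry '$x'" >&2 ;;
        esac
    done
}

# Same addresses as the dnat examples quoted in the thread.
dnat_service 10.0.0.10 xbox dst 1.2.3.4
```

The matching `server xbox accept` still has to exist in the interface or router definition, since dnat only rewrites the destination and does not by itself allow the traffic.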


