[Firehol-support] DNAT on servicee

Celedhrim celed+firehol at ielf.org
Sun May 1 20:30:14 BST 2016


Thx for the quick and useful answer!

That's exactly what I want!

On 01/05/2016 at 21:25, Tsaousis, Costa wrote:
> Oh. I see. You are right, but this is not implemented. You can write a 
> loop though:
>
> for x in ${server_xbox_ports}
> do
>    dnat to A proto "${x/\/*/}" dports "${x/*\//}"
> done
>
>
>
> On Sun, May 1, 2016 at 10:11 PM, Celedhrim <celed+firehol at ielf.org> wrote:
>
>     Hi,
>
>     Yes I know that, but that's exactly what I don't want to do.
>
>     Xbox needs:
>
>      * Port 88 (UDP)
>      * Port 3074 (UDP and TCP)
>      * Port 53 (UDP and TCP)
>      * Port 80 (TCP)
>      * Port 500 (UDP)
>      * Port 3544 (UDP)
>      * Port 4500 (UDP)
>
>
>     It would be nicer to do
>
>     dnat to $myxbox dst $wan_ip mycustomxboxservice
>
>
>     Because if I define custom services, I can't reuse them in the dnat part.
>
>     With the actual behaviour, I finally redefine the service in the dnat
>     rules.
>
>
>
>
>     On 01/05/2016 at 20:45, Tsaousis, Costa wrote:
>
>         The firehol dnat statement can do whatever you like:
>
>
>         # send to 10.0.0.10 all traffic towards 1.2.3.4
>         dnat to 10.0.0.10 dst 1.2.3.4
>
>         # send to 10.0.0.10 all TCP traffic towards 1.2.3.4 port tcp/1000:2000
>         dnat to 10.0.0.10 dst 1.2.3.4 proto tcp dport 1000:2000
>
>         etc.
>
>         Costa
>
>
>
>         On Sun, May 1, 2016 at 2:03 PM, Celedhrim <celed+firehol at ielf.org> wrote:
>
>             Hi,
>
>
>             I currently try to translate my old pure iptables script to firehol.
>
>             But I cannot find how to dnat a service.
>
>
>             Let me explain: a simple service is easy to DNAT, but take for
>             example the xbox service.
>
>
>             I need to dnat all ports to my xbox, so in the interface it is easy
>             to accept, but in the dnat rules I need to define all ports one
>             by one.
>
>
>             Maybe I don't understand something, but I think it would be
>             easier to nat a service in order to nat multiple ports.
>
>             _______________________________________________
>             Firehol-support mailing list
>             Firehol-support at lists.firehol.org
>             http://lists.firehol.org/mailman/listinfo/firehol-support
>
>
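Added example, not from this thread or from the FireHOL project: a small shell function that does what Costa's loop does (expand a FireHOL-style proto/port service list into one dnat rule per entry) but with POSIX-only parameter expansion, so it also works when the configuration is sourced by /bin/sh, and with a check that skips entries lacking the proto/port separator instead of emitting a half-formed rule. The server_xbox_ports list is constructed from the ports in the thread, and the LAN and WAN addresses are placeholders; the dnat syntax follows Costa's `proto ... dport ...` example above.

```shell
# Constructed port list built from the ports listed in the thread
# (one proto/port entry per protocol; "udp/3074 tcp/3074" covers "UDP and TCP").
server_xbox_ports="udp/88 udp/3074 tcp/3074 udp/53 tcp/53 tcp/80 udp/500 udp/3544 udp/4500"

# Print one "dnat to <lan_ip> dst <wan_ip> proto <proto> dport <port>" line
# per entry of the given port list. ${x%%/*} / ${x#*/} are POSIX equivalents
# of the bash-only ${x/\/*/} / ${x/*\//} used in the thread; port ranges such
# as tcp/1000:2000 pass through unchanged.
dnat_rules_for_service() {
    lan_ip=$1
    wan_ip=$2
    ports=$3
    for x in $ports; do
        case $x in
            */*) ;;   # well-formed proto/port entry
            *)
                # Malformed entry: report it and skip rather than emit a rule
                # that would forward the wrong traffic.
                printf 'skipping %s: no proto/port separator\n' "$x" >&2
                continue
                ;;
        esac
        proto=${x%%/*}
        dport=${x#*/}
        printf 'dnat to %s dst %s proto %s dport %s\n' "$lan_ip" "$wan_ip" "$proto" "$dport"
    done
}

# Convenience helper: number of rules that would be generated.
count_dnat_rules() {
    dnat_rules_for_service "$@" | wc -l | tr -d ' '
}

# Usage: console at 192.168.1.50 (placeholder) behind WAN address 203.0.113.10 (placeholder).
dnat_rules_for_service 192.168.1.50 203.0.113.10 "$server_xbox_ports"
```

Dropping the generated lines into the FireHOL configuration in place of the hand-written per-port rules keeps the port list in one place, which is the point Celedhrim raised: a later change to the service definition cannot silently leave a stale forwarding rule behind.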
