From: Jason T. <jas...@in...> - 2002-09-22 07:55:50
I'm trying to redirect port 24 to 25 for a single IP. My rules file line is:

    DNAT loc dmz:10.10.1.1:25 tcp 24 - 10.10.1.1

It appears that this rule is useless because the original destination IP matches the destination IP. Leaving off the "- 10.10.1.1" portion does redirect all tcp traffic from loc destined for port 24 as expected. However, I would still like to have it dropped unless destined for this particular host. The value (Yes/No) of DETECT_DNAT_IPADDRS in shorewall.conf seems to have no effect one way or the other.

For now, I've come up with this workaround:

    DNAT loc dmz:66.114.159.164 tcp 24 - 10.10.1.1

I did have this working in an older version of Shorewall that did not include DNAT rules. Is there a way to do what I want? Is this a bug, known issue, or by design with the current version?