From: Tom E. <te...@sh...> - 2005-04-29 13:32:28
|
Rauch Wolke wrote: > hello > > how can i only nat specific ports? > > 80,110,.... What type of NAT? SNAT? DNAT? And why do you ask? If you are thinking that you will only SNAT certain outgoing ports as a security measure, that's the wrong way to attack the problem. You should rather set your loc->net policy to REJECT then ACCEPT that traffic that you wish to allow outbound. Your SNAT/MASQUERADE rules should NOT be port/protocol specific in that case. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ te...@sh... PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key |