
Prerouting & Dnat?

Help
xtr3me
2007-12-04
2012-12-07
  • xtr3me

    xtr3me - 2007-12-04

    Hi,

    How can I translate these 2 rules into Vuurmuur?
    I want to rewrite the destination IP:

    $IPTABLES -t nat -A PREROUTING  -p tcp -m tcp   -d 192.168.121.12 --dport 80 -j DNAT --to-destination 1.1.1.2
    $IPTABLES -t nat -A OUTPUT  -p tcp -m tcp   -d 192.168.121.12 --dport 80 -j DNAT --to-destination 1.1.1.2

    Regards,
    Sjors.

    ps. VuurMuur is great!

     
    • Victor Julien

      Victor Julien - 2007-12-04

      Hi Sjors,

      The first rule would be something like:
      "dnat service http from host192_168_121_12.local.lan to host1_1_1_2.world.inet"
      Where host192_168_121_12.local.lan is 192.168.121.12 and host1_1_1_2.world.inet is 1.1.1.2.

      The second rule can't be created by Vuurmuur directly, but you can add it to the PRE-VRMR-OUTPUT chain in the nat table. Vuurmuur won't touch it on reloads. You are responsible for making sure it's added after a reboot though.

      Can you describe your use case? If it makes sense to me I could add support for it to Vuurmuur!

      Thanks,
      Victor
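
The second rule from the question, kept in the PRE-VRMR-OUTPUT chain across reboots as the reply above describes. This is an added example, not part of the original posts or Vuurmuur's own code; the function names, the "apply" argument and the assumption that the chain exists once Vuurmuur has loaded its rules are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread: keep the OUTPUT-side DNAT rule from the
# question present in Vuurmuur's PRE-VRMR-OUTPUT chain (nat table).
# Assumption: the chain exists once Vuurmuur has loaded its rules.

IPTABLES="${IPTABLES:-iptables}"   # same variable name the question's rules use
CHAIN="PRE-VRMR-OUTPUT"
ORIG_DST="192.168.121.12"          # address the local client connects to
NEW_DST="1.1.1.2"                  # address the traffic is rewritten to
PORT="80"

# Match and target, exactly as in the question's OUTPUT rule.
rule_spec() {
    echo "-p tcp -m tcp -d $ORIG_DST --dport $PORT -j DNAT --to-destination $NEW_DST"
}

# Returns 0 if the rule is present (already there or newly added),
# 2 if the chain cannot be listed, otherwise iptables' own exit status.
ensure_output_dnat() {
    if ! $IPTABLES -t nat -n -L "$CHAIN" >/dev/null 2>&1; then
        echo "cannot list $CHAIN in nat table (Vuurmuur not started, or not root)" >&2
        return 2
    fi
    # -C (--check, iptables >= 1.4.11) succeeds only if an identical rule
    # exists, so repeated runs do not stack duplicates.
    if $IPTABLES -t nat -C "$CHAIN" $(rule_spec) 2>/dev/null; then
        return 0
    fi
    $IPTABLES -t nat -A "$CHAIN" $(rule_spec)
}

# Run as "<script> apply" from a boot script that starts after Vuurmuur.
if [ "${1:-}" = "apply" ]; then
    ensure_output_dnat
fi
```
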

       
    • xtr3me

      xtr3me - 2007-12-04

      Hi Victor,

      Thanks for your blazingly fast response. I think my situation is quite exotic, let me explain it:

      I have 1 server with 3 interfaces; on this server I have Vuurmuur installed.
      - 1 interface is for the LAN + Internet connection
      - 1 interface is connected to a wireless router (1.1.1.2 is the wireless router)
      - 1 interface is virtual (tun0) (OpenVPN)

      Behind the wireless router there is a wireless webcam, which has IP address 192.168.121.12.
      My goal is to create a connection to the wireless webcam from my VPN.

      I route 192.168.121.12/32 to my Vuurmuur machine in my VPN config,
      so all traffic to the webcam goes to the Vuurmuur machine.

      The Vuurmuur machine needs to translate the original destination (192.168.121.12) to the outside (WAN) interface of my wireless router (1.1.1.2).
      The wireless router has a portmap to the webcam.

      Maybe you have a better idea how to solve this and if not, can you explain to me how to use the PRE-VRMR-OUTPUT chain?

      Thanks,
      Sjors

       
    • Adi Kriegisch

      Adi Kriegisch - 2007-12-04

      I'm sorry I am not sure if I get that setup correctly. You have:

      CAM --- ROUTER --- Vuurmuur_Firewall --- INET

      where "ROUTER" does NAT (or better masquerading as 1.1.1.2) and the firewall does some kind of masquerading too.

      With VPN you connect to your Vuurmuur_Firewall and try to connect to 192.168.121.12:80/tcp. Vuurmuur should translate this request to 1.1.1.2:80/tcp. So you actually connect to "ROUTER" -- who does port forwarding to the cam.

      If I got your setup right, I wonder why you try to work with "virtual IPs" (192.168.121.12 does not exist in the area around "Vuurmuur_Firewall").
      Actually, I think you should leave the firewalling/masquerading/natting stuff to Vuurmuur and let the WLAN router just route...

      Anyways... I am looking forward to further detailed descriptions on what you plan to do and why you're doing it...

      best regards,
          Adi Kriegisch

       
