Well, you can't - to the best of my knowledge. And I cannot see the
reason for wanting it. The idea of using -i and -o in the FORWARD chain is
to specify the direction traffic is allowed to go. It could be that
the firewall is blocking all outgoing traffic. Omitting -i and -o would
allow the internal server to initiate traffic to port 23 anywhere on the
internet.
A virtual interface is for assigning additional IPs to the same interface, so
any rules regarding the interface still apply to the whole of the physical
network card.
-vahur
James Pifer wrote:
On Thu, 2008-04-24 at 17:27 +0300, Vahur Jõesalu wrote:
Hmm, if I understood you correctly, then this should work just fine (on a
Linux firewall):
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 23 -j DNAT \
--to telnetserverip:port-number
/sbin/iptables -I FORWARD -i external_interface -o internal_interface \
-p tcp -d telnetserverip --dport portnumberontelnetserver -j ACCEPT
After a reboot or firewall service restart it's gone again.
-vahur
Sorry to jump in on someone else's thread, but... How do you do this if
the interface you want to use is virtual? Meaning it's eth0:1, for
example? The -i parameter will not let you use that.
Thanks,
James
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
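
Added example, not part of the thread: since -i and -o match only the device name, a rule for an address on an alias such as eth0:1 can name the parent device and select the alias by its address with -d. The script prints the rules instead of applying them; the `ip -o -4 addr show` style sample, the addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. It prints iptables commands instead of
# running them, so it needs neither root nor a live firewall.

# Constructed sample in the style of `ip -o -4 addr show` (documentation IPs).
sample_addrs() {
cat <<'EOF'
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.11/24 brd 192.0.2.255 scope global secondary eth0:1\       valid_lft forever preferred_lft forever
3: eth1    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth1\       valid_lft forever preferred_lft forever
EOF
}

# addr_for_label LABEL: read address lines on stdin and print the IPv4 address
# carrying that label (the token just before "valid_lft").
addr_for_label() {
    awk -v want="$1" '{
        addr = ""; label = ""
        for (i = 1; i < NF; i++) {
            if ($i == "inet") { addr = $(i + 1); sub(/\/.*/, "", addr) }
            if ($(i + 1) == "valid_lft") { label = $i; sub(/\\$/, "", label) }
        }
        if (label == want && addr != "") { print addr; exit }
    }'
}

# telnet_forward_rules EXT_LABEL INT_DEV SERVER_IP SERVER_PORT
# (hypothetical helper; the address lines arrive on stdin)
telnet_forward_rules() {
    ext_label=$1; int_dev=$2; server=$3; port=$4
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    # -i/-o match the device name only, so eth0:1 is reduced to eth0 ...
    ext_dev=${ext_label%%:*}
    # ... and the alias is identified by its address with -d instead.
    ext_addr=$(addr_for_label "$ext_label")
    [ -n "$ext_addr" ] || { echo "no address for $ext_label" >&2; return 1; }
    printf '%s\n' \
        "iptables -t nat -I PREROUTING -i $ext_dev -d $ext_addr -p tcp --dport 23 -j DNAT --to-destination $server:$port" \
        "iptables -I FORWARD -i $ext_dev -o $int_dev -p tcp -d $server --dport $port -j ACCEPT"
}

sample_addrs | telnet_forward_rules eth0:1 eth1 10.0.0.23 23
```

Keeping -i and -o on the FORWARD rule preserves the direction restriction described in the reply above, and -d in PREROUTING limits the DNAT to connections addressed to the alias.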