-----BEGIN PGP SIGNED MESSAGE-----

Hi Neal! Sorry if I'm a little bit late on your specific problem, but nevertheless:
If only the FW_FORWARD_MASQ supported the concept of three addresses such as: source_ip,firewalls_external_ip,interior_destination_ip,protocol,portnumber
Well, in that case you might consider upgrading to the SuSEfirewall2
supplied with SuSE Linux 8.1, which allows exactly that:
# [...]
# Optional is a port after the destination port, to redirect the request to
# a different destination port on the destination IP, e.g.
# "4.0.0.0/8,1.1.1.1,tcp,80,81"
#
# Optional is an target IP address on which should the masquerading be decided.
# You have to set the optional port option to use this.
#
# Example:
# 200.200.200.0/24,10.0.0.10,tcp,80,81,202.202.202.202
# The class C network 200.200.200.0/24 trying to access 202.202.202.202 port
# 80 will be forwarded to the internal server 10.0.0.10 on port 81.
For you that would be "source_ip,interior_destination_ip,protocol,
portnumber,portnumber (again),firewalls_external_ip". Please note
that a few other things have changed with the new firewall script,
most notably the FW_SERVICE_{DNS,DHCLIENT,DHCPD,SQUID,SAMBA} options.
If you don't want to or cannot upgrade, I could send you a modified
/sbin/SuSEfirewall2 which includes *only* the above mentioned
FW_FORWARD_MASQ semantics from the new version.
Regards, Andy
- --
Andreas J. Mueller email:
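
The entry format quoted in the message above, checked by a small validator. This is an added example, not part of the original message and not SuSEfirewall2 code; the class and function names are hypothetical, and the checker assumes single numeric ports, tcp/udp only, and dotted IPv4 addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ForwardMasq:
    source_net: ipaddress.IPv4Network    # who may connect
    internal_ip: ipaddress.IPv4Address   # interior destination server
    protocol: str
    port: int                            # port the client connects to
    redirect_port: Optional[int] = None  # port on the internal server
    external_ip: Optional[ipaddress.IPv4Address] = None  # IP the client targeted


def _port(text: str) -> int:
    # Assumption of this checker: one numeric port per field, as in the examples.
    if not text.isdigit() or not 1 <= int(text) <= 65535:
        raise ValueError(f"bad port: {text!r}")
    return int(text)


def parse_forward_masq(entry: str) -> ForwardMasq:
    fields = [f.strip() for f in entry.split(",")]
    if not 4 <= len(fields) <= 6:
        raise ValueError(f"expected 4 to 6 fields, got {len(fields)}")
    if len(fields) == 6 and fields[4] == "":
        # Per the config comment: the optional port must be set to use a target IP.
        raise ValueError("target IP given without the optional redirect port")
    if "" in fields:
        raise ValueError("empty field")
    proto = fields[2].lower()
    if proto not in ("tcp", "udp"):      # assumption: port-based protocols only
        raise ValueError(f"unsupported protocol: {fields[2]!r}")
    return ForwardMasq(
        ipaddress.IPv4Network(fields[0]),  # rejects a network with host bits set
        ipaddress.IPv4Address(fields[1]),
        proto,
        _port(fields[3]),
        _port(fields[4]) if len(fields) > 4 else None,
        ipaddress.IPv4Address(fields[5]) if len(fields) > 5 else None,
    )


def check(entries: List[str]) -> Dict[str, Optional[str]]:
    """Map each entry to None if it parses, else to the reason it was rejected."""
    result: Dict[str, Optional[str]] = {}
    for entry in entries:
        try:
            parse_forward_masq(entry)
            result[entry] = None
        except ValueError as exc:
            result[entry] = str(exc)
    return result
```

Running `check()` over the entries of a FW_FORWARD_MASQ value before reloading the firewall catches a six-field entry whose fifth field was left empty, the case the config comment warns about.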