Hi Neal!

Sorry if I'm a little bit late on your specific problem, but nevertheless:

> If only the FW_FORWARD_MASQ supported the concept of three addresses such as: source_ip,firewalls_external_ip,interior_destination_ip,protocol,portnumber

Well, in that case you might consider upgrading to the SuSEfirewall2 supplied with SuSE Linux 8.1, which allows exactly that:

# [...]
# Optional is a port after the destination port, to redirect the request to
# a different destination port on the destination IP, e.g.
# "4.0.0.0/8,1.1.1.1,tcp,80,81"
#
# Optional is an target IP address on which should the masquerading be decided.
# You have to set the optional port option to use this.
#
# Example:
# 200.200.200.0/24,10.0.0.10,tcp,80,81,202.202.202.202
# The class C network 200.200.200.0/24 trying to access 202.202.202.202 port
# 80 will be forwarded to the internal server 10.0.0.10 on port 81.

For you that would be "source_ip,interior_destination_ip,protocol,portnumber,portnumber (again),firewalls_external_ip".

Please note that a few other things have changed with the new firewall script, most notably the FW_SERVICE_{DNS,DHCLIENT,DHCPD,SQUID,SAMBA} options.

If you don't want to or cannot upgrade, I could send you a modified /sbin/SuSEfirewall2 which includes *only* the above mentioned FW_FORWARD_MASQ semantics from the new version.

Regards,
Andy

--
Andreas J. Mueller email: <andy@muelli.net>
PGP RSA Public Key ID 0x3D41D941
FP: ED261973D51D3D20 C840B0542E69F602
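
The six-field FW_FORWARD_MASQ syntax quoted in the message above, as an added example that is not part of the original post or of SuSEfirewall2: a Python check that validates one entry and renders a comparable iptables DNAT rule, so a forwarding entry can be reviewed before it goes into the configuration. The function names, the tcp/udp restriction, the single-port handling and the rendered rule are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class ForwardMasq(NamedTuple):
    source: str                # network allowed to connect
    internal_ip: str           # internal server that receives the traffic
    proto: str
    port: int                  # port the client connects to
    redirect_port: int         # port on the internal server
    target_ip: Optional[str]   # external address the client connects to


def _port(text: str) -> int:
    port = int(text)           # ValueError on empty or non-numeric text
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {text}")
    return port


def parse_forward_masq(entry: str) -> ForwardMasq:
    """Parse one entry: source,internal_ip,proto,port[,redirect_port[,target_ip]]."""
    fields = [f.strip() for f in entry.split(",")]
    if not 4 <= len(fields) <= 6:
        raise ValueError(f"expected 4 to 6 fields, got {len(fields)}")
    source = str(ipaddress.ip_network(fields[0]))      # rejects host bits set
    internal_ip = str(ipaddress.ip_address(fields[1]))
    proto = fields[2].lower()
    if proto not in ("tcp", "udp"):                    # assumption: tcp/udp only
        raise ValueError(f"unsupported protocol: {fields[2]}")
    port = _port(fields[3])
    # The target IP is only valid when the redirect port is given as well.
    if len(fields) == 6 and not fields[4]:
        raise ValueError("target IP requires the redirect port to be set")
    redirect_port = _port(fields[4]) if len(fields) >= 5 else port
    target_ip = str(ipaddress.ip_address(fields[5])) if len(fields) == 6 else None
    return ForwardMasq(source, internal_ip, proto, port, redirect_port, target_ip)


def to_dnat_rule(e: ForwardMasq) -> str:
    """Equivalent iptables DNAT rule (illustrative, not SuSEfirewall2's output)."""
    rule = ["iptables", "-t", "nat", "-A", "PREROUTING", "-s", e.source]
    if e.target_ip:
        rule += ["-d", e.target_ip]
    rule += ["-p", e.proto, "--dport", str(e.port), "-j", "DNAT",
             "--to-destination", f"{e.internal_ip}:{e.redirect_port}"]
    return " ".join(rule)


if __name__ == "__main__":
    # Example entry taken from the configuration comments quoted above.
    entry = parse_forward_masq("200.200.200.0/24,10.0.0.10,tcp,80,81,202.202.202.202")
    print(to_dnat_rule(entry))
```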