Koozali.org: home of the SME Server

Custom port forward

andyw4
Custom port forward
« on: September 23, 2012, 07:43:13 PM »
Hi

Can anyone point me in the right direction of how to port forward a protocol other than TCP/UDP in SME Server 8.0?

I can't do it via the web interface, so I guess I'm going to need to do it via the command line, but I don't know where to look.

I need a rule along the lines of:

-s 1.1.1.1 -d 2.2.2.2 -p ipv6-crypt -j ACCEPT

Thanks

A.

CharlieBrady
Re: Custom port forward
« Reply #1 on: September 23, 2012, 10:03:50 PM »
Your only way to do this would be by custom template.

> I need a rule along the lines of:
>
> -s 1.1.1.1 -d 2.2.2.2 -p ipv6-crypt -j ACCEPT

Such a rule doesn't do any forwarding. Assuming your external IP address is 2.2.2.2, then that rule would allow those packets through the iptables firewall, where SME server would then presumably reject them, because no software is waiting to deal with such a packet. If your external IP address is not 2.2.2.2, you wouldn't expect any such packets to arrive - the Internet wouldn't route those packets to your server.

What problem are you trying to solve?

andyw4
Re: Custom port forward
« Reply #2 on: September 23, 2012, 10:14:08 PM »
It does when it's combined with

-i eth1 -p ipv6-crypt -j DNAT --to-destination 192.168.10.10

added to the POSTROUTING chain.

I'm forwarding IPSEC traffic on to a PIX box internally that's handling a VPN for an external support company. I know. I wouldn't have done it like this, but this is how the customer wants it, and how they had it with their SME 7.6 box.

The question is not what I'm trying to do, it's the original question - how do I add iptables rules that can not be handled by the web interface?

A.

CharlieBrady
Re: Custom port forward
« Reply #3 on: September 23, 2012, 11:33:56 PM »
> how do I add iptables rules that can not be handled by the web interface?

I answered that question. Your only way to do this would be by custom template.

janet
Re: Custom port forward
« Reply #4 on: September 24, 2012, 02:35:01 AM »
andyw4

Re adding a custom template for iptables rules:

A perusal of the available documentation on contribs.org would steer you here
http://wiki.contribs.org/Template_Tutorial#masq
and here
http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual#Configuration_file_templates
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.
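
As an added example (not part of the thread, and not SME Server's own code), the sketch below generates the rule pair that forwarding ESP to an internal host needs on a plain iptables setup: a DNAT rule, which iptables accepts only in the nat table's PREROUTING and OUTPUT chains, plus a FORWARD accept scoped to the one remote peer. The function names and the dry-run approach are assumptions made for illustration; how such lines are placed into a custom template is covered by the documentation linked above.

```shell
#!/bin/sh
# Added example: dry-run generator, prints iptables commands and applies nothing.
# IP protocol 50 is IPsec ESP (listed as "ipv6-crypt" in older /etc/protocols).

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the two rules, or return 1 (message on stderr) for unsafe input.
# Args: external interface, permitted remote peer, internal VPN device.
# Both function names are hypothetical helpers for this example.
esp_forward_rules() {
    ext_if=$1; peer=$2; target=$3
    case "$ext_if" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    valid_ipv4 "$peer"   || { echo "bad peer: $peer" >&2; return 1; }
    valid_ipv4 "$target" || { echo "bad target: $target" >&2; return 1; }
    # 1. Rewrite the destination before routing (nat table, PREROUTING).
    printf 'iptables -t nat -A PREROUTING -i %s -s %s -p 50 -j DNAT --to-destination %s\n' \
        "$ext_if" "$peer" "$target"
    # 2. Let the rewritten packets through the filter table. -A appends, so
    #    this must land before any DROP/REJECT rule already in FORWARD.
    printf 'iptables -A FORWARD -i %s -s %s -d %s -p 50 -j ACCEPT\n' \
        "$ext_if" "$peer" "$target"
}

# Constructed sample values: the placeholder addresses used in the thread.
esp_forward_rules eth1 1.1.1.1 192.168.10.10
```

Restricting both rules to the peer's source address and to protocol 50 keeps the opening as narrow as the requirement; review the printed commands before running them as root.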