[Ferm] Request for help with port forward
András Kovács
Andras.Kovacs at teleconnect.hu
Mon Jan 16 14:40:37 CET 2012
Dear All,
I am using FERM and I really appreciate this great tool. It gives me no headache to understand my own firewall rules. :)
I am implementing a NAT network, where packets sent to the network to a specific port need to be forwarded to another internal IP and port.
Ferm version: 2.0.7-1 (as part of Debian squeeze)
I adapted the tiny example provided in FERM docs:
http://ferm.foo-projects.org/download/2.1/ferm.html#easy_port_forwarding
My function looks like this:
@def &FORWARD_LAN($dest, $proto, $port_external, $port_internal) = {
table filter chain FORWARD interface $DEV_INTERNET outerface $DEV_LAN daddr $dest proto $proto dport $port_internal ACCEPT;
table nat chain PREROUTING interface $DEV_INTERNET daddr $NET_NAT_STATIC proto $proto dport $port_external DNAT to $dest:$port_internal;
}
($NET_NAT_STATIC would be the external global IP of the firewall)
It gives this error message:
"dport
(
smtp
)
DNAT to $ dest: <--
variable name expected - if you want to concatenate strings, try using double quotes"
I thought concatenation would help FERM to understand the syntax:
table nat chain PREROUTING interface $DEV_INTERNET daddr $NET_NAT_STATIC proto $proto dport $port_external DNAT to @CAT($dest,":",$port_internal);
"dport
(
smtp
)
DNAT to @CAT <--
unknown ferm built-in function"
Which is weird, as the documentation refers to the @cat function.
Could you please give me a hint to step forward with this and to be able to forward an external packet to a specific internal port? I find no clue in current docs and man pages.
Thank you very much.
Best regards,
Andras Kovacs