Help - Search - Members - Calendar
Full Version: How does one use dnat in APF?
The Planet Forums > Security > General Security
dynamicnet
Aug 30 2008, 02:04 PM
Greetings:

We are considering switching from Bastille's management of iptables to APF.

One of the features Bastille has is the ability to have bastille automatically run shell scripts (pre and post), and we use that feature to set up dnat to allow alternate ports to our mail server.

The base command is as follows:

iptables -t nat -A PREROUTING -p tcp --dport 2525 -i eth0 -j DNAT --to [our mail server ip without brakets]:25


Maybe I missed something, but I cannot find an area in /etc/apf where to set up the above command.

Is this something APF can do? If so, where and how?

Thank you.
dynamicnet
Sep 3 2008, 08:47 AM
Greetings:

We worked this out by editing /etc/apf/preroute.rules and after the "# place your custom routing rules below" comment putting the full command using the full path to the iptables binary.

Thank you.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.