From 8fd63bf59986b504f2ae22485db1178919f27a72 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Thu, 13 Mar 2008 00:04:31 +0000
Subject: [PATCH] Add FAQ 1g

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8284 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 docs/FAQ.xml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index 18969d97c..9a63faabe 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -493,6 +493,33 @@ eth1:192.168.1.4        0.0.0.0/0          192.168.1.1        tcp           21</
         to reply back through the Shorewall system who can then rewrite the
         SOURCE IP address in the responses properly.</para>
       </section>
+
+      <section id="faq1g">
+        <title>(FAQ 1g) I would like to redirect port 80 on my public IP
+        address (206.124.146.176) to port 993 on internet host 66.249.93.111
+        </title>
+
+        <para><emphasis role="bold">Answer</emphasis>: This requires a vile
+        hack similar to the one in <link linkend="faq2">FAQ 2</link>. Assuming
+        that your Internet zone is named <emphasis>net</emphasis> and connects
+        on interface <filename class="devicefile">eth0</filename>:</para>
+
+        <para>In <filename>/etc/shorewall/rules</filename>:<programlisting>#ACTION    SOURCE        DEST                   PROTO    DEST PORT   SOURCE    ORIGINAL
+#                                                                    PORT      DEST.
+DNAT       net           net:66.249.93.111:993  tcp      80          -         206.124.146.176</programlisting></para>
+
+        <para>In <filename>/etc/shorewall/interfaces</filename>, specify the
+        <emphasis role="bold">routeback</emphasis> option on
+        eth0:<programlisting>#ZONE      INTERFACE     BROADCAST            OPTIONS
+net        eth0          detect               <emphasis role="bold">routeback</emphasis></programlisting></para>
+
+        <para>And in <filename>/etc/shorewall/masq</filename>;<programlisting>#INTERFACE          SOURCE      ADDRESS          PROTO        PORT
+eth0:66.249.93.111  0.0.0.0/0   206.124.146.176  tcp          993</programlisting></para>
+
+        <para>Like the hack in FAQ 2, this one results in all forwarded
+        connections looking to the server (66.249.93.11) as if they originated
+        on your firewall (206.124.146.176).</para>
+      </section>
     </section>
 
     <section id="faq30">