Hi list, I have this request from a client''s - client side .... 2-3 of my users ( located in the LOC zone ) when they access the remote clients server, each one of them should be snat-ed with a distinct public IP from my pool. While the easy way out of this smells like proxyarp case I would like to avoid it with an SNAT rule ... ?? Your suggestions will be highly appreciated ... Regards, Harry ------------------------------------------------------------------------------ ThinkGeek and WIRED''s GeekDad team up for the Ultimate GeekDad Father''s Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
On 6/14/10 3:05 AM, Harry Lachanas wrote:> Hi list, > > I have this request from a client''s - client side .... > > 2-3 of my users ( located in the LOC zone ) when they access the remote > clients server, > each one of them should be snat-ed with a distinct public IP from my > pool. > > While the easy way out of this smells like proxyarp case I would like to > avoid it with an > > SNAT rule ... ??Yes -- SNAT rules in /etc/shorewall/masq. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ ThinkGeek and WIRED''s GeekDad team up for the Ultimate GeekDad Father''s Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
>> Hi list, >> >> I have this request from a client''s - client side .... >> >> 2-3 of my users ( located in the LOC zone ) when they access the remote >> clients server, >> each one of them should be snat-ed with a distinct public IP from my >> pool. >> >> While the easy way out of this smells like proxyarp case I would like to >> avoid it with an >> >> SNAT rule ... ?? >> > > Yes -- SNAT rules in /etc/shorewall/masq. > > -Tom >Thanks However I see no "--destination ( iptables commad line ) " equivalent column in /etc/shorewall/masq file. Is there a reason for not providing one ?? Is there a way to specify the rule "when accesing remote server X snat as xx.xx.xx.xx" ?? Regards Harry. ------------------------------------------------------------------------------ ThinkGeek and WIRED''s GeekDad team up for the Ultimate GeekDad Father''s Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
On 6/18/10 11:31 PM, Harry Lachanas wrote:> Thanks > However I see no "--destination ( iptables commad line ) " equivalent > column in /etc/shorewall/masq file. > Is there a reason for not providing one ?? > Is there a way to specify the rule > "when accesing remote server X snat as xx.xx.xx.xx" ??''man shorewall-masq'' and search for ''destination''. It is specified in the first column, separated from the interface name by '':''. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ ThinkGeek and WIRED''s GeekDad team up for the Ultimate GeekDad Father''s Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo