I must be having a brain fart, can't figure this out. Somehow I want traffic to private IP from a private IP on the same subnet to be forwarded to an external IP but using the NAT engine of the private zone? Does that make any sense? How would I do that? The private IP on the same subnet will be a VPN connection and therefore will not use the VPN connection for the default route.

Matt Burleigh wrote:
> I must be having a brain fart, can't figure this out. Somehow I want
> traffic to private IP from a private IP on the same subnet to be
> forwarded to an external IP but using the NAT engine of the private
> zone? Does that make any sense?

Yes.

Suppose that:

a) your internal interface is eth1.
b) eth1's IP address is 192.168.1.254
c) You want traffic from 192.168.1.0/24 to 192.168.1.250 to be
   forwarded to external IP 192.0.2.129.

Then in /etc/shorewall/nat:

    192.168.1.250 eth1 192.0.2.129

If you set ADD_IP_ALIASES=Yes in /etc/shorewall/conf, Shorewall will add 192.168.1.250 as an address on eth1 for you. It's backward to the way that you normally think about NAT but it will work.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep wrote:
> Matt Burleigh wrote:
>
>> I must be having a brain fart, can't figure this out. Somehow I want
>> traffic to private IP from a private IP on the same subnet to be
>> forwarded to an external IP but using the NAT engine of the private
>> zone? Does that make any sense?
>
> Yes.
>
> Suppose that:
>
> a) your internal interface is eth1.
> b) eth1's IP address is 192.168.1.254
> c) You want traffic from 192.168.1.0/24 to 192.168.1.250 to be
>    forwarded to external IP 192.0.2.129.
>
> Then in /etc/shorewall/nat:
>
>     192.168.1.250 eth1 192.0.2.129
>
> If you set ADD_IP_ALIASES=Yes in /etc/shorewall/conf, Shorewall will
> add 192.168.1.250 as an address on eth1 for you. It's backward to the
> way that you normally think about NAT but it will work.

You rock! Worked like a charm.