nt4admin wrote:
> I have Internet Access on one of my subnets, and have added a shorewall box
> to it. I would like to dnat the email traffic to my mail server. I have my
> dnat rule applied and can see the traffic at the mail server, but it carries
> the address of the external client. I would like to masq the traffic so that
> it has the IP of the internal interface of the Shorewall box, and hopefully
> solve a lot of routing problems. I have tried "eth1 eth1" in my masq file,
> but that doesn't seem to work. What is the correct way to masq this dnat'ed
> traffic?

In your DNAT rule:
DNAT net loc:<server ip> tcp smtp - <external fw ip>:<internal fw IP>
Note that you will NOT be able to do RBL filtering on incoming mail with
this setup.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net