hi,
i'd like to natmap on our firewall from 1.2.3.0/24 to 1.2.4.0/24, but only in that case if the destination is in 2.3.4.0/24,2.3.5.0/24. is it possible somehow? currently i can't specify destination in netmap file. and there is no such rule as NETMAP in rules? so what can i do?
thanks in advance.
regards.

ps. anyway there is a bug in masq file handling. since if i specify eth0:2.3.4.0/24,2.3.5.0/24 in the first column it will only use 2.3.4.0/24 in the iptables commands. so it's definitely a bug.

--
Levente "Si vis pacem para bellum!"

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo

On 06/10/2010 04:47 PM, Farkas Levente wrote:
> hi,
> i'd like to natmap on our firewall from 1.2.3.0/24 to 1.2.4.0/24, but
> only in that case if the destination is in 2.3.4.0/24,2.3.5.0/24. is it
> possible somehow? currently i can't specify destination in netmap file.
> and there is no such rule as NETMAP in rules? so what can i do?
> thanks in advance.
> regards.

just a side note: it's possible with iptables so it'd be useful to add to shorewall netmap support.

> ps. anyway there is a bug in masq file handling. since if i specify
> eth0:2.3.4.0/24,2.3.5.0/24 in the first column it will only use
> 2.3.4.0/24 in the iptables commands. so it's definitely a bug.

i look into this too and imho it's a bug in the current version.

--
Levente "Si vis pacem para bellum!"

On 6/10/10 2:45 PM, Farkas Levente wrote:
> On 06/10/2010 04:47 PM, Farkas Levente wrote:
>>
>> ps. anyway there is a bug in masq file handling. since if i specify
>> eth0:2.3.4.0/24,2.3.5.0/24 in the first column it will only use
>> 2.3.4.0/24 in the iptables commands. so it's definitely a bug.
>
> i look into this too and imho it's a bug in the current version.
>
>

I'm unable to reproduce this; if I list two addresses, I get two iptables rules; one with each address.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On 6/10/10 7:47 AM, Farkas Levente wrote:
> hi,
> i'd like to natmap on our firewall from 1.2.3.0/24 to 1.2.4.0/24, but
> only in that case if the destination is in 2.3.4.0/24,2.3.5.0/24. is it
> possible somehow? currently i can't specify destination in netmap file.
> and there is no such rule as NETMAP in rules? so what can i do?
> thanks in advance.
>

I assume that you want this capability in SNAT NETMAP rules?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On 06/12/2010 10:09 PM, Tom Eastep wrote:
> On 6/10/10 7:47 AM, Farkas Levente wrote:
>> hi,
>> i'd like to natmap on our firewall from 1.2.3.0/24 to 1.2.4.0/24, but
>> only in that case if the destination is in 2.3.4.0/24,2.3.5.0/24. is it
>> possible somehow? currently i can't specify destination in netmap file.
>> and there is no such rule as NETMAP in rules? so what can i do?
>> thanks in advance.
>>
>
> I assume that you want this capability in SNAT NETMAP rules?

both in snat and dnat case!
the full story is that we use 192.168.0.0/24 as our private network, but we've to connect to a remote network with ipsec. they also use the same network internally, so they assume we use 172.22.80.0/24. so i'd like to netmap our network but only that case if the source/destination is in her network (which is a dozen of private and public network range).

--
Levente "Si vis pacem para bellum!"

On 6/12/10 1:23 PM, Farkas Levente wrote:
> On 06/12/2010 10:09 PM, Tom Eastep wrote:
>> On 6/10/10 7:47 AM, Farkas Levente wrote:
>>> hi,
>>> i'd like to natmap on our firewall from 1.2.3.0/24 to 1.2.4.0/24, but
>>> only in that case if the destination is in 2.3.4.0/24,2.3.5.0/24. is it
>>> possible somehow? currently i can't specify destination in netmap file.
>>> and there is no such rule as NETMAP in rules? so what can i do?
>>> thanks in advance.
>>>
>>
>> I assume that you want this capability in SNAT NETMAP rules?
>
> both in snat and dnat case!
> the full story is that we use 192.168.0.0/24 as our private network, but
> we've to connect to a remote network with ipsec. they also use the same
> network internally, so they assume we use 172.22.80.0/24. so i'd like to
> netmap our network but only that case if the source/destination is in
> her network (which is a dozen of private and public network range).
>

Git commit d58127e51c65688876f4d183a836222d470294d6 should do what you want.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
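
The destination-restricted mapping asked about in this thread, written as raw iptables NETMAP rules. This is an added example, not part of the original messages and not Shorewall's generated output. The addresses are the ones from the first message, the function name `netmap_rules` is hypothetical, and the rules are only printed, not applied.

```shell
#!/bin/sh
# Added example (not from the thread): print, as a dry run, iptables NETMAP
# rules that apply only when the peer is in one of the listed remote networks.

LOCAL_NET="1.2.3.0/24"                 # real local network (from the thread)
MAPPED_NET="1.2.4.0/24"                # network the local hosts are mapped to
REMOTE_NETS="2.3.4.0/24 2.3.5.0/24"    # peers that trigger the mapping

# netmap_rules LOCAL MAPPED REMOTE...   (hypothetical helper)
# Emits one source-mapping and one destination-mapping rule per remote net.
netmap_rules() {
    local_net=$1; mapped_net=$2; shift 2
    for remote in "$@"; do
        case $remote in
            */*) ;;   # looks like CIDR, accept
            *) echo "skipping '$remote': not in CIDR form" >&2; continue ;;
        esac
        # Outbound: rewrite our source only when talking to this remote net.
        echo "iptables -t nat -A POSTROUTING -s $local_net -d $remote -j NETMAP --to $mapped_net"
        # Inbound: map the translated destination back to the real host.
        echo "iptables -t nat -A PREROUTING -s $remote -d $mapped_net -j NETMAP --to $local_net"
    done
}

# Print the rules for review before applying anything.
netmap_rules "$LOCAL_NET" "$MAPPED_NET" $REMOTE_NETS
```

Traffic to any destination outside the listed remote networks matches neither rule and leaves with its original source address.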