On Thursday 10 January 2002 10:31 am, huytu@mail.com wrote:
> Dear shorewall-users,
> My MASQ command is below:
> iptables -A POSTROUTING -s 10.20.1.0/255.255.255.0 -o eth3 -j MASQUERADE
>
> And I want only:
> iptables -A POSTROUTING -s 10.20.1.0/255.255.255.0 -j MASQUERADE
>
>
> Can I do it with Shorewall?

Why are you using iptables commands for MASQUERADE with Shorewall? You
specify masquerading in /etc/shorewall/masq and you can COMPLETELY control
which subnets get masqueraded to which interfaces using that file.

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
-------------------------------------------
On Thursday 10 January 2002 01:05 pm, huytu@mail.com wrote:
> Dear Tom,
> I am sorry for my unclear explanation. I use masq in Shorewall. That is just
> the command shown when I use iptables-save >> test.text.
> I mean that I want to masq with one interface that is not the
> internet-interface. Can I?

Yes.

> Because I did that masq of my local-subnet to dmz-interface (eth1) which
> has real-IP, not internet-interface (eth0) which has unofficial-IP, can it
> be done with Shorewall?

Yes -- but you don't need to masquerade your local->dmz interface just
because your DMZ has a 'real' ip. My DMZ also has a host with a non-RFC1918
IP address and I don't use masquerade there.

Please look at the documentation for /etc/shorewall/masq and at the comments
in that file. It will tell you exactly how to masquerade any host or subnet
through any interface.

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
-------------------------------------------
Dear shorewall-users,

My MASQ command is below:
iptables -A POSTROUTING -s 10.20.1.0/255.255.255.0 -o eth3 -j MASQUERADE

And I want only:
iptables -A POSTROUTING -s 10.20.1.0/255.255.255.0 -j MASQUERADE

Can I do it with Shorewall?

-- 
Best regards,
huytu mailto:huytu@mail.com
Dear Tom,

I am sorry for my unclear explanation. I use masq in Shorewall. That is just
the command shown when I use iptables-save >> test.text.
I mean that I want to masq with one interface that is not the
internet-interface. Can I?
Because I did that masq of my local-subnet to dmz-interface (eth1) which
has real-IP, not internet-interface (eth0) which has unofficial-IP, can it
be done with Shorewall?

-- 
Best regards,
T.Q.Huy mailto:huytu@hcmc.netnam.vn

Wednesday, January 09, 2002, 9:05:22 PM, you wrote:

TE> On Thursday 10 January 2002 10:31 am, huytu@mail.com wrote:
>> Dear shorewall-users,
>> My MASQ command is below:
>> iptables -A POSTROUTING -s 10.20.1.0/255.255.255.0 -o eth3 -j MASQUERADE
>>
>> And I want only:
>> iptables -A POSTROUTING -s 10.20.1.0/255.255.255.0 -j MASQUERADE
>>
>>
>> Can I do it with Shorewall?

TE> Why are you using iptables commands for MASQUERADE with Shorewall? You
TE> specify masquerading in /etc/shorewall/masq and you can COMPLETELY control
TE> which subnets get masqueraded to which interfaces using that file.

TE> -Tom