Andreas Bittner
2002-Sep-09 22:49 UTC
[Shorewall-users] do i need rules for loc to net when using MASQ ?
Hello all,

still working on my "give only certain 192.168.x.x hosts on my loc MASQ access to inet" problem.

So I understand now that I add, for example, two lines to /etc/shorewall/masq:

    #INTERFACE SUBNET ADDRESS
    eth0 192.168.200.150 # dnat box1 on LAN
    eth0 192.168.200.151 # dnat box2 on LAN

Can I actually comma-separate these 192.168.200.15x addresses, or more, into one line? (The other boxes in the 192.168.200.x range are only allowed through proxies.)

So do I need to add rules now in the /etc/shorewall/rules file for giving these two hosts access to ftp on the internet? For example:

    ACCEPT loc net tcp ftp
    ACCEPT loc net tcp ftp-data

Or am I getting this NAT/MASQ stuff all wrong?

Thanks,
Andy