Shorewall users - Dec 2002 - DNAT subnet

Hello,

i have started using shorewall with ipsec and it works great...

i have read that i can not use DNAT to forward a subnet..???

does someone know how can i make this

10.2.67.0/24 -> 192.168.0.0/24

it is used by ssh sentinel to forward ipsec traffic using is virtual ip.=20
--=20
Opensides sprl
Benoit Mortier - Linux Engineer

--On Friday, December 06, 2002 08:42:19 AM +0100 Benoit Mortier 
<benoit.mortier@opensides.be> wrote:
> Hello,
>
> i have started using shorewall with ipsec and it works great...
>
> i have read that i can not use DNAT to forward a subnet..???
>
> does someone know how can i make this
>
> 10.2.67.0/24 -> 192.168.0.0/24
As I recall, there is a patch in the NetFilter "Patch-o-Matic" that
does
this. As with all Patch-o-Matic features, there is no support for it in 
Shorewall.
>
> it is used by ssh sentinel to forward ipsec traffic using is virtual ip.
>
Using Shorewall, you would have to code 254 separate DNAT rules.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://shorewall.sf.net
ICQ: #60745924  \ teastep@shorewall.net