Hi I have using a Bering (LRP) box with shorewall, and I must enable IP masquedare only a few hosts on my network. I want to enable only masquerade from 192.168.0.2 to 192.168.0.25. What I must do ? I known that I have to configure the /etc/shorewall/masq file, but I don''t known how. Thanks in advance.
--On Friday, January 03, 2003 03:41:52 PM -0300 Roberto Pereyra <rpereyra@urdi.com.ar> wrote:> Hi > > I have using a Bering (LRP) box with shorewall, and I must enable > IP masquedare only a few hosts on my network. > > I want to enable only masquerade from 192.168.0.2 to 192.168.0.25. > > What I must do ? > > I known that I have to configure the /etc/shorewall/masq file, but > I don''t known how. >2 - 25 is an awkward range -- always better to do this with powers of two if you can arrange it. Nevertheless: eth0 192.168.0.2/31 # 2-3 eth0 192.168.0.4/30 # 4-7 eth0 192.168.0.8/29 # 8-15 eth0 192.168.0.16/29 # 16-23 eth0 192.168.0.24/31 # 24-25 Contrast this with a setup where you masquerade 192.168.0.32-63 eth0 192.168.0.32/27 As I saw in an email signature the other day: "There are only 10 kinds of people in the world; those who understand binary and those who don''t" -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net
Thanks tom Can I write two or more lines in /etc/shorewall/masq with the same interface ? eth0 192.168.0.2/31 eth0 192.168.0.4/30 ..................... eth0 192.168.0.24/31 That''s works ?? Thanks Tom, happy new year !! roberto pereyra (from argentine) On Fri, Jan 03, 2003 at 10:58:27AM -0800, Tom Eastep wrote:> > > --On Friday, January 03, 2003 03:41:52 PM -0300 Roberto Pereyra > <rpereyra@urdi.com.ar> wrote: > > > Hi > > > > I have using a Bering (LRP) box with shorewall, and I must enable > > IP masquedare only a few hosts on my network. > > > > I want to enable only masquerade from 192.168.0.2 to 192.168.0.25. > > > > What I must do ? > > > > I known that I have to configure the /etc/shorewall/masq file, but > > I don''t known how. > > > > 2 - 25 is an awkward range -- always better to do this with powers of two > if you can arrange it. > > Nevertheless: >> eth0 192.168.0.2/31 # 2-3 > eth0 192.168.0.4/30 # 4-7 > eth0 192.168.0.8/29 # 8-15 > eth0 192.168.0.16/29 # 16-23 > eth0 192.168.0.24/31 # 24-25 > > Contrast this with a setup where you masquerade 192.168.0.32-63 > > eth0 192.168.0.32/27 > > As I saw in an email signature the other day: > > "There are only 10 kinds of people in the world; those who understand> binary and those who don''t" > > -Tom > -- > Tom Eastep \ Shorewall - iptables made easy > Shoreline, \ http://shorewall.sf.net > Washington USA \ teastep@shorewall.net > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@shorewall.net > http://www.shorewall.net/mailman/listinfo/shorewall-users
--On Friday, January 03, 2003 04:45:13 PM -0300 Roberto Pereyra <rpereyra@urdi.com.ar> wrote:> Thanks tom > > Can I write two or more lines in /etc/shorewall/masq with the same > interface ? > > eth0 192.168.0.2/31 > eth0 192.168.0.4/30 > ..................... > eth0 192.168.0.24/31 > > That''s works ??Yes -- that works.> > Thanks Tom, happy new year !! >You''re welcome and Happy New Year. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net