Hello,> My server is on Mandrake 10.1 off. > eth0 is WAN with static IP connected 512 DSL > eth1 is LAN.I am little confused about NAT. I have a static IP from ISP I want to do a NAT on eth0. What should I use in shorewall masquerading or static nat ? Thanks Varun
varun_saa@vsnl.net wrote:> Hello, > >>My server is on Mandrake 10.1 off. >>eth0 is WAN with static IP connected 512 DSL >>eth1 is LAN. > > > I am little confused about NAT. > > I have a static IP from ISP > > I want to do a NAT on eth0. > > What should I use in shorewall masquerading or static nat ? >You should use SNAT which does not mean "static nat" but rather means SOURCE NETWORK ADDRESS TRANSLATION. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
----- Original Message ----- From: Tom Eastep <teastep@shorewall.net> Date: Friday, January 7, 2005 8:48 pm Subject: Re: [Shorewall-users] masq or static nat> varun_saa@vsnl.net wrote: > > Hello, > > > >>My server is on Mandrake 10.1 off. > >>eth0 is WAN with static IP connected 512 DSL > >>eth1 is LAN. > > > > > > I am little confused about NAT. > > > > I have a static IP from ISP > > > > I want to do a NAT on eth0. > > > > What should I use in shorewall masquerading or static nat ? > > > > You should use SNAT which does not mean "static nat" but rather means > SOURCE NETWORK ADDRESS TRANSLATION. > > -Tom > -- > Hello Tom,If I only use masq or static nat then client system can''t send or recieve mails. If I use both together then clients can send and recieve mails. I don''t know if it is correct to do that ? In both cases my squid proxy works well. The moment I use static nat and save and restart shorewall my eth0 is shown as down. If you remember my earlier post on "shorewall shutting down eth0 ". I have restart network and then everything works fine. Please correct me if I am doing things the wrong way Thanks for your time varun
varun_saa@vsnl.net wrote:>> Please correct me if I am doing things the wrong way > > Thanks for your timeI think it is time for you to go to http://www.shorewall.net/ and click on "Support" in the left frame. You really aren''t providing enough information with just describing things the way you are. -- "A common mistake that people make when trying to design something completely foolproof was to underestimate the ingenuity of complete fools." --Ford Prefect in "Mostly Harmless".