Hello,

> My server is on Mandrake 10.1 off.
> eth0 is WAN with static IP connected 512 DSL
> eth1 is LAN.

I need a little clarification on static NAT settings in Shorewall.

external address - static IP
internal address - ?

For the internal address, should I put my eth1 IP or the general subnet range, for example 192.168.0.0?

I am also not sure about: Active for firewall system? yes / no. What does it mean?

Thanks
Varun

varun_saa@vsnl.net wrote:
> Hello,
>
>>My server is on Mandrake 10.1 off.
>>eth0 is WAN with static IP connected 512 DSL
>>eth1 is LAN.
>
> I need a little clarification on static nat
> settings in shorewall.
>
> external address - static IP
>
> internal address - ?

If you only have one static external address, YOU CANNOT USE ONE-TO-ONE (STATIC) NAT. You must use SNAT (/etc/shorewall/masq) and DNAT rules.

If you have more than one (static) public IP address then you can use "one-to-one" NAT with your secondary IP addresses. The Shorewall Setup Guide (http://shorewall.net/shorewall_setup_guide.htm) goes to great length to describe how to set it up.

> for the internal address should I put my eth1 IP
> or the general subnet range. For example 192.168.0.0.

IT DOESN'T MAKE ANY SENSE UNLESS THE INTERNAL ADDRESS IS IN ONE OF THE RFC 1918 PRIVATE RANGES.

> Active for firewall system? yes / no.

"Yes" means that traffic from the firewall itself addressed to the external IP address (which is an address *on the firewall*) will be redirected to the internal system.

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
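
The two setups described in the reply above, sketched as Shorewall configuration entries. This is an added example, not part of the original thread: the 192.0.2.x and 192.168.0.x addresses are constructed placeholders, the zone names `net` and `loc` are assumed from Shorewall's sample configurations, and treating the "Active for firewall system" setting as the LOCAL column of the nat file is an assumption.

```conf
# ---- Case 1: a single static public IP on eth0 (the poster's situation) ----

# /etc/shorewall/masq
# SNAT for outbound traffic from the LAN behind eth1.
# 192.0.2.1 is a placeholder for the one public address.
#INTERFACE   SUBNET            ADDRESS
eth0         192.168.0.0/24    192.0.2.1

# /etc/shorewall/rules
# Forward only the ports that must be reachable from outside.
# 192.168.0.10 is a placeholder for the internal server (RFC 1918 address).
#ACTION   SOURCE   DEST                PROTO   DEST PORT(S)
DNAT      net      loc:192.168.0.10    tcp     80

# ---- Case 2: a secondary public IP is available ----

# /etc/shorewall/nat
# One-to-one NAT: the secondary public address 192.0.2.2 (placeholder)
# is mapped to a single internal host, never to a subnet.
# LOCAL = Yes would also redirect connections that originate on the
# firewall itself and are addressed to 192.0.2.2.
#EXTERNAL    INTERFACE   INTERNAL        ALL INTERFACES   LOCAL
192.0.2.2    eth0        192.168.0.10    No               No

# /etc/shorewall/rules
# One-to-one NAT only translates addresses; inbound connections still
# have to be allowed, using the INTERNAL address as the destination.
#ACTION   SOURCE   DEST                PROTO   DEST PORT(S)
ACCEPT    net      loc:192.168.0.10    tcp     80
```

In both cases the internal address is one host, not the eth1 address or the network address 192.168.0.0, and only the listed port is exposed to the `net` zone.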

----- Original Message -----
From: Tom Eastep <teastep@shorewall.net>
Date: Saturday, January 8, 2005 9:14 pm
Subject: Re: [Shorewall-users] static nat address

> varun_saa@vsnl.net wrote:
> > Hello,
> >
> >>My server is on Mandrake 10.1 off.
> >>eth0 is WAN with static IP connected 512 DSL
> >>eth1 is LAN.
> >
> > I need a little clarification on static nat
> > settings in shorewall.
> >
>
> If you only have one static external address, YOU CANNOT USE
> ONE-TO-ONE (STATIC) NAT You must use SNAT (/etc/shorewall/masq)
> and DNAT rules.
>
> -Tom

Thanks a lot Tom,

Phew! I think I got it working.

Varun