> Our internal users need to connect to the bank to do internet banking.
> The bank requires that the client computers connect to ports
> 15000-15010.
>
> In Shorewall how do I do a masq for anyone trying to connect to these
> ports?

One of us seems to be a little bit confused... ;)

If I get that right, basically you just want an entry in the masq file
(which you should have already, if I remember a previous thread
correctly).

The above is sufficient only if you allow all outgoing connections
as a policy for the masqueraded network. If you don't, you just need an
additional rule to ACCEPT connections from the masqueraded network to
the net for the above port range.

Caveat: Assuming NAPT (Network Address and Port Translation) will work,
and the bank does not stupidly force the client to use the very same
ports as well. In the latter case you would need NAT (as specified way
earlier), which in turn needs a dedicated IP for any client connecting
to the bank (or at least as many public IPs as concurrent connections
may occur). IIRC you got one public IP, right?

HTH
karsten
--
Davision - Studio for Design / Internet / Multimedia
UNIX / Linux Networks and Training
Phone 06151/273859 Fax 06151/273862
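
The setup described in the reply above, as an added example that is not part of the original message: a masq entry for the internal network, plus the ACCEPT rule that is only needed when the outgoing policy is not already ACCEPT. The interface `eth0`, the subnet `192.168.1.0/24`, the zone names `loc` and `net`, and `tcp` as the protocol are assumptions; the thread does not state them.

```conf
# Added example. eth0, 192.168.1.0/24, the zones loc/net and tcp are assumed values.

# /etc/shorewall/masq
# Masquerade everything from the internal subnet leaving via the external interface.
#INTERFACE      SOURCE
eth0            192.168.1.0/24

# /etc/shorewall/policy
# If outgoing connections are allowed wholesale like this,
# the masq entry above is all that is needed.
#SOURCE         DEST            POLICY
loc             net             ACCEPT

# /etc/shorewall/rules
# Needed only when the loc -> net policy is NOT ACCEPT:
# open just the bank's port range for the masqueraded network.
#ACTION         SOURCE          DEST            PROTO           DEST PORT(S)
ACCEPT          loc             net             tcp             15000:15010
```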