Hello !

Using Shorewall, is it possible to configure all types of NAT ? Eg.
Full Cone, Restricted Cone, Port Restricted Cone and Symmetric ? Or
does one need to actually enter iptables commands to configure some ?

Thanks for any suggestions/hints/comments !

On 8/3/10 5:20 PM, lanas wrote:
> Hello !
>
> Using Shorewall, is it possible to configure all types of NAT ? Eg.
> Full Cone, Restricted Cone, Port Restricted Cone and Symmetric ? Or
> does one need to actually enter iptables commands to configure some ?
>
> Thanks for any suggestions/hints/comments !

Shorewall supports all forms of NAT supported by iptables without
having to enter iptables commands.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On Tue, 03 Aug 2010 20:19:35 -0700, Tom Eastep <teastep@shorewall.net> wrote :
> On 8/3/10 5:20 PM, lanas wrote:
> > Using Shorewall, is it possible to configure all types of NAT ? Eg.
> > Full Cone, Restricted Cone, Port Restricted Cone and Symmetric ? Or
> > does one need to actually enter iptables commands to configure
> > some ?
> > Thanks for any suggestions/hints/comments !
>
> Shorewall supports all forms of NAT supported by iptables without
> having to enter iptables commands.

Are there howtos out there about how to configure the different NAT
cones using Shorewall ? - Thanks !

On 8/4/10 2:15 AM, lanas wrote:
>
> Are there howtos out there about how to configure the different
> NAT cones using Shorewall ? - Thanks !
>

No. I rarely encounter the "cone" terminology among Linux users; I can
recall only one other time in the last nine years when someone used
that terminology on this list.

The master Shorewall documentation index may be found at
http://www.shorewall.net/Documentation_Index.html. A number of articles
there deal with various NAT issues:

- The multi-interface HOWTOs linked from "Beginner Documentation".
- DNAT
- Masquerading
- Network Mapping
- One-to-One NAT and Static NAT (Point to same document)
- Port Forwarding
- FAQs (There is a "Port Forwarding" section that covers various topics
  such as "hairpinning").

The shorewall-masq (5), shorewall-nat (5), shorewall-netmap (5) and
shorewall-rules (5) manpages should also be helpful.

In general in Netfilter, all forms of SNAT (configured in
/etc/shorewall/masq) require that a local client first send a packet
before a response is accepted; responses are accepted only from the
target of the outgoing packet.

DNAT- and REDIRECT- rules in /etc/shorewall/rules enable incoming
packets to have their destination address and/or destination port
rewritten. In this case, outgoing responses are enabled by the first
incoming packet.

Entries in /etc/shorewall/nat enable both forms.

Entries in /etc/shorewall/netmap enable SNAT or DNAT on an entire
subnet.

Hope this helps.

-Tom

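The filtering behaviour described in the message above, as an added example that is not part of the original thread and is not Netfilter or Shorewall code: a simplified Python model in which an SNAT flow accepts replies only from the remote address and port that was contacted, while a DNAT rule admits any source. The class, function names, addresses and ports are constructed for illustration, and the model assumes the source port is preserved by the mapping.

```python
# Simplified model of the stateful NAT filtering described above.
# Illustrative only: not Netfilter or Shorewall code; all names are hypothetical.
from dataclasses import dataclass, field


@dataclass
class NatGateway:
    public_ip: str
    # DNAT rules: (proto, public_port) -> (internal_ip, internal_port)
    dnat: dict = field(default_factory=dict)
    # Tracked flows: (proto, public_port, remote_ip, remote_port) -> internal endpoint
    flows: dict = field(default_factory=dict)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """SNAT/masquerade: the local client sends first, creating the flow."""
        # Assumption: the source port is preserved in the mapping.
        self.flows[(proto, src_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, src_port)

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Return the internal endpoint a packet reaches, or None if dropped."""
        key = (proto, public_port, remote_ip, remote_port)
        if key in self.flows:  # reply from the target of an outgoing packet
            return self.flows[key]
        target = self.dnat.get((proto, public_port))
        if target is not None:  # DNAT rule: the first incoming packet opens the flow
            self.flows[key] = target
            return target
        return None  # unsolicited and no rule: not delivered


def demo():
    # Constructed sample addresses (documentation ranges) and ports.
    gw = NatGateway("203.0.113.1", dnat={("tcp", 80): ("10.0.0.5", 80)})
    gw.outbound("udp", "10.0.0.7", 5000, "198.51.100.10", 3478)
    return {
        "reply_from_target": gw.inbound("udp", "198.51.100.10", 3478, 5000),
        "same_host_other_port": gw.inbound("udp", "198.51.100.10", 9999, 5000),
        "other_host": gw.inbound("udp", "192.0.2.99", 3478, 5000),
        "dnat_any_source": gw.inbound("tcp", "192.0.2.99", 40000, 80),
        "no_rule": gw.inbound("tcp", "192.0.2.99", 40000, 22),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22} -> {result}")
```

In the cone vocabulary, dropping everything except replies from the contacted address and port is port-restricted filtering. In this model the DNAT entry is the only path open to arbitrary remote hosts, which makes it the entry to review when auditing inbound exposure.
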
On Wed, 04 Aug 2010 06:56:26 -0700, Tom Eastep <teastep@shorewall.net> wrote :
> On 8/4/10 2:15 AM, lanas wrote:
> > Are there howtos out there about how to configure the different
> > NAT cones using Shorewall ? - Thanks !
>
> No. I rarely encounter the "cone" terminology among Linux users; I can
> recall only one other time in the last nine years when someone used
> that terminology on this list.

[...]

> In general in Netfilter, all forms of SNAT (configured in
> /etc/shorewall/masq) require that a local client first send a packet
> before a response is accepted; responses are accepted only from the
> target of the outgoing packet.

[...]

Thank you very much for the details - it's appreciated !