Hello, using plain iptables I can do something like this: iptables -t nat -A POSTROUTING -o <extif> -j ACCEPT -d <our-rfc1918-net> iptables -t nat -A POSTROUTING -o <extif> -j ACCEPT -d <our-global-unicast-net iptables -t nat -A POSTROUTING -o <extif> -j SNAT --to <global-unicast-ip-of-extif> This will do SNAT for any target but our local networks. Is it possible to do something like this with shorewall as well? Sven -- "Those who do not understand Unix are condemned to reinvent it, poorly" (Henry Spencer) /me is giggls@ircnet, http://sven.gegg.us/ on the Web ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://ad.doubleclick.net/clk;258768047;13503038;j? http://info.appdynamics.com/FreeJavaPerformanceDownload.html
Duarte Fernandes Rocha
2012-Sep-20 14:35 UTC
Re: Doing NAT to anything but local addresses?
Hello, You could use the NONAT option in http://shorewall.net/manpages/shorewall-masq.html I had a similar problem a few weeks ago :) /etc/shorewall/masq <intif>:<our-rfc1918-net>,<our-global-unicast-net> NONAT <intif> <extif> regards, ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://ad.doubleclick.net/clk;258768047;13503038;j? http://info.appdynamics.com/FreeJavaPerformanceDownload.html
Duarte Fernandes Rocha <dfr@eurotux.com> wrote:> You could use the NONAT optionThanks, nonat was the key. This works for me: <extif>:<targetnet1>,<targetnet2>,... - NONAT <extif> <sourcenet> <pubip> Sven -- Um Kontrolle Ihres Kontos wiederzugewinnen, klicken Sie bitte auf das Verbindungsgebrüll. (aus einer Ebay fishing Mail) /me is giggls@ircnet, http://sven.gegg.us/ on the Web ------------------------------------------------------------------------------ Got visibility? Most devs has no idea what their production app looks like. Find out how fast your code is with AppDynamics Lite. http://ad.doubleclick.net/clk;262219671;13503038;y? http://info.appdynamics.com/FreeJavaPerformanceDownload.html _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users