[Shorewall-newbies] Dual DNAT and SNAT (missing info)

Niels Kristian Jensen nkj at internetgruppen.dk
Sat Jan 3 19:14:04 PST 2004


Hi again all,

I didn't provide all the requested info last time, please excuse me.

The task is to replace an existing firewall (monthly fees) with shorewall.

I'm using the 1.4.8 release, not the newly announced .9 BETA

My network is connected to a router which handles the 
194.192.161.160-175 subnet which is connected to eth0 on the firewall 
and is called "net" zone.

I cannot use one-to-one NAT because of the dual DNAT from two external 
IPs to one internal IP.

I cannot switch to proxyarp due to some programs running on the servers 
with built-in assumptions of server IPs in the DMZ.

The answer:
http://lists.shorewall.net/pipermail/shorewall-users/2003-April/005945.html

seems close - but can I set up dual incoming DNAT (to one internal IP) 
as well as one-to-one NAT using the "masq" file and still make a special 
case out of the outgoing domain traffic?

Have a great new year.

Best regards,
Niels Kristian Jensen
Denmark


