[Shorewall-users] design issue?

Tom Eastep teastep@shorewall.net
Fri, 12 Apr 2002 16:31:26 -0700 (Pacific Daylight Time)


On Fri, 12 Apr 2002, David Smead wrote:

> Tom,
>
> I hope I'm learning something but here goes another round of ignorance.
>
> Is the nat file translated into rules that do static nat in both
> directions?

Yes.

>
> If one server in the dmz has 3 IPs, (aliased) and 2 of them are proxyarp'd
> can I masquerade the other one, which is a 198.168.1.X?  Part of my
> confusion is not understanding what IP is used on a multiple aliases IP
> interface for a source address.
>

For outgoing connection requests, it is the primary interface. Why would
you do such a thing though?

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net