[Shorewall-users] design issue?

Tom Eastep teastep@shorewall.net
Fri, 12 Apr 2002 16:31:26 -0700 (Pacific Daylight Time)

On Fri, 12 Apr 2002, David Smead wrote:

> Tom,
> I hope I'm learning something but here goes another round of ignorance.
> Is the nat file translated into rules that do static nat in both
> directions?


> If one server in the dmz has 3 IPs, (aliased) and 2 of them are proxyarp'd
> can I masquerade the other one, which is a 198.168.1.X?  Part of my
> confusion is not understanding what IP is used on a multiple aliases IP
> interface for a source address.

For outgoing connection requests, it is the primary interface. Why would
you do such a thing though?

