Re[2]: [Shorewall-users] MASQ !!

T.Q.Huy" <huytu@hcmc.netnam.vn T.Q.Huy" <huytu@hcmc.netnam.vn
Thu, 10 Jan 2002 13:05:28 -0800


Dear Tom,
I sorry for my explain unclear.I use masq in Shorewall .That is just
the command when i use iptables-save >> test.text to show.
I mean that i want to Masq with 1 interface that not be the
internet-interface .Can i ?
Because i did that masq my local-subnet to dmz-interface(eth1) which
have real-IP ,not internet-interface(eth0) which have unoffical-IP,it
can do with Shorewall ?

-- 
Best regards,
 T.Q.Huy                            mailto:huytu@hcmc.netnam.vn


Wednesday, January 09, 2002, 9:05:22 PM, you wrote:

TE> On Thursday 10 January 2002 10:31 am, huytu@mail.com wrote:
>> Dear shorewall-users,
>>   My MASQ command is below:
>> iptables -A POSTROUTING -s 10.20.1.0/255.255.255.0 -o eth3 -j MASQUERADE
>>
>> And i want to only :
>> iptables -A POSTROUTING -s 10.20.1.0/255.255.255.0  -j MASQUERADE
>>
>>
>> Can i do it with Shorewall ?

TE> Why are you using iptables commands for MASQUERADE with Shorewall? You 
TE> specify masquerading in /etc/shorewall/masq and you can COMPLETELY control 
TE> which subnets get masqueraded to which interfaces using that file.

TE> -Tom