Re[2]: [Shorewall-users] MASQ !!

Tom Eastep teastep@shorewall.net
Thu, 10 Jan 2002 06:41:56 -0800


On Thursday 10 January 2002 01:05 pm, huytu@mail.com wrote:
> Dear Tom,
> I sorry for my explain unclear.I use masq in Shorewall .That is just
> the command when i use iptables-save >> test.text to show.
> I mean that i want to Masq with 1 interface that not be the
> internet-interface .Can i ?

Yes.

> Because i did that masq my local-subnet to dmz-interface(eth1) which
> have real-IP ,not internet-interface(eth0) which have unoffical-IP,it
> can do with Shorewall ?

Yes -- but you don't need to masquerade your local->dmz interface just=20
because your DMZ has a 'real' ip. My DMZ also has a host with a non-RFC19=
18=20
IP address and I don't use masquerade there.

Please look at the documentation for /etc/shorewall/masq and at the comme=
nts=20
in that file. It will tell you exactly how to masquerade any host or subn=
et=20
through any interface.

-Tom
--=20
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
-------------------------------------------