Re[2]: [Shorewall-users] MASQ !!

Tom Eastep
Thu, 10 Jan 2002 06:41:56 -0800

On Thursday 10 January 2002 01:05 pm, wrote:
> Dear Tom,
> I sorry for my explain unclear.I use masq in Shorewall .That is just
> the command when i use iptables-save >> test.text to show.
> I mean that i want to Masq with 1 interface that not be the
> internet-interface .Can i ?


> Because i did that masq my local-subnet to dmz-interface(eth1) which
> have real-IP ,not internet-interface(eth0) which have unoffical-IP,it
> can do with Shorewall ?

Yes -- but you don't need to masquerade your local->dmz interface just=20
because your DMZ has a 'real' ip. My DMZ also has a host with a non-RFC19=
IP address and I don't use masquerade there.

Please look at the documentation for /etc/shorewall/masq and at the comme=
in that file. It will tell you exactly how to masquerade any host or subn=
through any interface.

Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \
ICQ: #60745924  \