[Shorewall-users] Setting NAT
teastep at shorewall.net
Wed Aug 27 16:20:39 PDT 2003
On Wed, 2003-08-27 at 01:06, Joshua Banks wrote:
> --- rasito <rasito at jkt.elga.net.id> wrote:
> > i have 2 ip Static
> > eth0 : 202.x.x.x/ 29
> > eth1 : 192.168.1.1/ 24 and my client 192.168.1.2/ 24
> > and i want using shorewall software for NAT
> > how to settup and configure this software
> Hello Rasito,
> This is described on http://www.shorewall.net/two-interface.htm
Since the original poster has *2* static IP addresses, the Shorewall
Setup Guide (http://shorewall.net/shorewall_setup_guide.htm) may be more
appropriate although there isn't a whole lot that can be done with only
two IP addresses. With two systems behind the firewall, I would probably
use SNAT on one of them (use the gateway's external IP address for that)
then use static NAT for the other one.
eth0 eth1 <gateway's external IP address>
<second static IP> eth0 <IP address of second PC> No No
Alternatively, one could simply configure the addresses as an SNAT pool.
If the static addresses are contiguous:
eth0 eth1 <first static ip>-<second static ip>
Note that if ADD_SNAT_ALIASES=Yes then the 1.4.6 errata 'firewall' and
'functions' scripts must be installed.
If the addresses aren't contiguous then the 'firewall' and 'functions'
scripts from the 1.4.6 errata must be used and:
eth0 eth1 <first static ip>,<second static ip>
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
More information about the Shorewall-users