[Shorewall-users] Setting NAT

Tom Eastep teastep at shorewall.net
Wed Aug 27 16:20:39 PDT 2003


On Wed, 2003-08-27 at 01:06, Joshua Banks wrote:
> --- rasito <rasito at jkt.elga.net.id> wrote:
> > I have 2 static IPs
> > 
> > eth0 : 202.x.x.x/ 29
> > eth1 : 192.168.1.1/ 24 and my client 192.168.1.2/ 24
> > 
> > and I want to use Shorewall software for NAT.
> > How do I set up and configure this software?
> 
> Hello Rasito,
> 
> This is described on http://www.shorewall.net/two-interface.htm
> 

Since the original poster has *2* static IP addresses, the Shorewall
Setup Guide (http://shorewall.net/shorewall_setup_guide.htm) may be more
appropriate although there isn't a whole lot that can be done with only
two IP addresses. With two systems behind the firewall, I would probably
use SNAT on one of them (use the gateway's external IP address for that)
then use static NAT for the other one.

/etc/shorewall/masq:

eth0	eth1	<gateway's external IP address>

/etc/shorewall/nat:

<second static IP> eth0	<IP address of second PC> No No

Alternatively, one could simply configure the addresses as an SNAT pool.
If the static addresses are contiguous:

/etc/shorewall/masq:

eth0	eth1	<first static ip>-<second static ip>

Note that if ADD_SNAT_ALIASES=Yes then the 1.4.6 errata 'firewall' and
'functions' scripts must be installed.

If the addresses aren't contiguous then the 'firewall' and 'functions'
scripts from the 1.4.6 errata must be used and:

/etc/shorewall/masq:

eth0	eth1	<first static ip>,<second static ip>

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net


