[Shorewall-users] Is this possible with shorewall?

Eduardo Ferreira duda at icatu.com.br
Mon Dec 1 13:47:45 PST 2003

Hi Tom & all,

I need to have NAT enabled in a special condition: only from a specific IP 
in my local zone and to a specific host/net.  Every other connection can't 
be natted.  I'm doing this with a couple of iptables commands that need to 
be issued in the start script:

run_iptables -t nat -I POSTROUTING -s -d -j SNAT 
run_iptables -t nat -I PREROUTING -s -d -j DNAT 

Is there a way of doing this using the configuration files?  From all I 
read, the answer is no.  But why couldn't the nat configuration file be 
zone enabled? (E.g., if a connection from zoneA goes to zoneB, NAT it.  In every 
other case, don't NAT it.)  Something like:

#                                               INTERFACES
zoneB                   eth0                ZoneA               -  -

and maybe a new column to indicate the address to be used...



