[Shorewall-users] Is this possible with shorewall?

Tom Eastep teastep at shorewall.net
Mon Dec 1 08:01:16 PST 2003


On Mon, 2003-12-01 at 07:47, Eduardo Ferreira wrote:
> I'm doing this with a couple of iptable commands that needs to 
> be issued in the start script:
> 
> run_iptables -t nat -I POSTROUTING -s 10.1.20.1 -d 172.21.4.1 -j SNAT 
> --to-source 172.21.4.51
> run_iptables -t nat -I PREROUTING -s 172.21.4.1 -d 172.21.4.51 -j DNAT 
> --to-destination 10.1.20.1
> 
> is there a way of doing this using the configuration files? 

/etc/shorewall/masq:

<if1>:172.21.4.1	10.1.20.1	172.21.4.51

/etc/shorewall/rules:

DNAT	<z1>:172.21.4.1	<z2>:10.1.20.1	all	-	-	172.21.4.51

-Tom	
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




More information about the Shorewall-users mailing list