The network that I administer is just a subnetwork of a larger Intranet, and eBox is now sitting in the gateway to this larger network and the Internet, so I want to give routing access to the whole Intranet and use the HTTP proxy for the Internet, maybe having the option to use NAT for some hosts. I have been studying the firewall rules on eBox a little, and I see these rules in the NAT table:

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  !200.55.133.130      0.0.0.0/0           to:200.55.133.130

This is causing me trouble. I guess the eBox devs didn't think my use case is a common one, and I agree. I could just use different PCs to act as the gateway for each destination, but I would prefer not to do so. I'm guessing NAT rules could be built based on the info that we put in "Firewall / Packet Filter / Filtering rules for internal networks", only not automatically but with a check mark; this way, if I only want to put something in the FORWARD chain on the mangle table, I have that option also. This looks to me like a feature request, but can anybody give me an option I could use right now? Could I change the templates from which the iptables rules are built?

Thanks in advance.

--
Carlos Javier
Habana, CUBA
