> Kristoffer Egefelt wrote:
>> Hi,
>>
>> I'd like to have local servers connect to the firewall external ip and
>> have the traffic routed back to the local network. It works manually,
>> but I can't figure out how to make this work through shorewall:
>>
>> *This works:*
>> iptables -t nat -A POSTROUTING -d 10.10.5.242 -s 10.10.0.0/16 -p tcp --dport 80 -j SNAT --to 10.10.3.12
>>
>
> In /etc/shorewall/masq:
>
> <iface>:10.10.5.242 10.10.0.0/16 10.10.3.12 tcp 80
>
> Where <iface> is the interface to 10.10.5.242.

Thanks - it works :D

Only thing is that the <iface> is cust:[EMAIL PROTECTED] which /etc/shorewall/masq won't recognize. It seems that I have to define interface vlan5 to /etc/shorewall/interfaces which I hope I can avoid.

This is the current interfaces:

net bond0 detect tcpflags,routefilter,nosmurfs
cust vlan+ detect routeback

Is it possible to refer to the "cust:[EMAIL PROTECTED]" in the masq file without having to specify separate entries in the interfaces, zone and policy files?

What I mean is if I add:

vlan5 vlan5 detect routeback

to the interfaces file - then I can use vlan5 for <iface> in the masq file, but I'd rather use something like cust:[EMAIL PROTECTED] to minimize the amount of interfaces I have to type/add.

Regards
Kristoffer