Re: [Shorewall-users] How to do MASQUERADING to a specific address

Wed, 26 Aug 2009 09:27:50 -0700 

Hi,

On Wed, Aug 26, 2009 at 10:58 AM, Tom Eastep <[email protected]> wrote:

> Bráulio Gergull wrote:
> > Hi all,
> >
> > I've been using SuSE and SuSEfirewall for a long time, and now I'm
> > giving Shorewall a try. It's a great piece of software and I have
> > already moved some systems to Ubuntu and Shorewall very easily, just
> > following the docs.
> >
> > But now I'm moving another system and am facing a problem that I could
> > not find in the docs.
> >
> > How do I do MASQUERADING to a specific target?
> ...
> >
> > I first would put it in masq file, but I couldn't find a way to specify
> > the destination address and port.
>
> First of all, using MASQUERADING as a means for controlling access is
> not a good idea. You should use MASQUERADING to rewrite the SOURCE IP
> address and you should use filter rules to control access.


That's a point of view. Generally I have all outgoing traffic blocked, most
outgoing traffic will be handled by proxies, and for  some exceptions I do
masquerading as necessary on a specif basis. But OK, I'm still trying to
understand Shorewall concepts more deeply.

Then I would put it in the rules file,
> > but then and cannot specify MASQ as the action.
> >
> > What's the right way to do it?
>
> /etc/shorewall/masq:
>
> <external if>:xxx.xxx.xxx.xxx   192.168.0.0/24  -       tcp     3389
>
> /etc/shorewall/rules:
>
> ACCEPT  loc:192.168.0.x-192.168.0.z     tcp     3389
>
> The latter, of course, assumes that your loc->net policy is not ACCEPT.
>

Fine, got it!

> By the way, I'm running Ubuntu 8.0.4 LTS and Shorewall 4.0.6.
>
> There are 4.2 Shorewall packages available for Hardy -- see the
> Shorewall download page.
>

Nice to know, I'll give it a try.

Thanks a lot!

Braulio Gergull

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to