If I have the following SNAT rule in masq:

#INTERFACE   SOURCE             ADDRESS   PROTO   PORT(S)   IPSEC   MARK
eth0         192.168.122.0/24   1.1.4.5
How can I prevent SNATting for local subnets that are also reachable on
eth0? I can manually accomplish the goal with a:
# iptables -t nat -I eth0_masq -s 192.168.122.0/24 -d 192.168.0.0/24 -j RETURN
resulting in:
Chain eth0_masq (1 references)
 pkts bytes target   prot opt in  out  source             destination
    0     0 RETURN   all  --  *   *    192.168.122.0/24   192.168.0.0/24
   28  2176 SNAT     all  --  *   *    192.168.122.0/24   0.0.0.0/0          to:1.1.4.5
IIRC, iptables accepts !192.168.0.0/24 in the destination of the SNAT
rule also, but I don't know if/how that maps to shorewall.
Cheers,
b.
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
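As an added illustration (not part of the original post or of the Shorewall project's own files), the Shorewall way to express the manual RETURN rule above is a destination exclusion on the INTERFACE column of /etc/shorewall/masq: qualifying the interface with ":!" followed by the destination networks that must not be SNATted. The addresses are the ones from the post; it assumes a Shorewall release whose masq file accepts exclusion in the INTERFACE qualifier, and the commented second form assumes that the exclusion list may be comma-separated.

```text
# /etc/shorewall/masq (added example; addresses taken from the post above)
#INTERFACE               SOURCE             ADDRESS   PROTO   PORT(S)   IPSEC   MARK
#
# SNAT 192.168.122.0/24 to 1.1.4.5 on the way out of eth0, except for
# packets whose destination is the locally reachable 192.168.0.0/24,
# which keep their original source address.
eth0:!192.168.0.0/24     192.168.122.0/24   1.1.4.5
#
# Assumed syntax for more than one local subnet (comma-separated list):
# eth0:!192.168.0.0/24,192.168.1.0/24   192.168.122.0/24   1.1.4.5
```

After `shorewall restart`, check the generated nat table with `shorewall show nat` (or `iptables -t nat -L eth0_masq -v -n`) and confirm that traffic to 192.168.0.0/24 is handled before the SNAT target or that the SNAT rule carries a negated destination; then send a ping from a 192.168.122.x host to a 192.168.0.x host and watch the SNAT counters stay unchanged while the excluded traffic passes.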
