Hello,

In iptables one could have this:

    ...
    *nat
    ...
    :POSTROUTING ACCEPT [0:0]
    ...
    # -i cannot be matched in POSTROUTING, so the rule selects on -o, -s and -d only
    -A POSTROUTING -o eth0 -s 10.10.10.0/24 -d 192.168.1.0/24 -j ACCEPT
    -A POSTROUTING -o eth0 -j MASQUERADE
    ...

This allows some specific traffic (from network 10.10.10.0/24 to network 192.168.1.0/24) to not be masqueraded, or source NATed, and simply be routed.

I can't find a way to do this with Shorewall. I want all the traffic going out to be source NATed except in that specific case.

I might use the start script for this, by adding the rule after Shorewall gets started, although it does not seem the right way.

I could have overlooked the documentation, but I didn't find this specific case covered in any of the documentation pages.

Thanks for all your help.

-- 
Duarte Rocha <[email protected]>
Eurotux Informática, S.A. [http://eurotux.com]
_____________________________________________________
A)bort, R)etry, I)nfluence with large hammer.
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
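
Added example, not part of the original post: a small Python check of the first-match logic behind the two POSTROUTING rules in the message, showing which flows leave without source NAT and that the exemption depends on the ACCEPT rule coming first. The sample flows and the helper names (parse_rules, nat_verdict, audit) are constructed for illustration, and only the -o, -s, -d and -j options without negation are parsed.

```python
import ipaddress
import shlex

# The two nat rules from the message, matching on -o/-s/-d only
# (iptables does not accept an -i match in POSTROUTING).
RULES = """\
-A POSTROUTING -o eth0 -s 10.10.10.0/24 -d 192.168.1.0/24 -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
"""

# Constructed sample flows: (source address, destination address, output interface).
FLOWS = [
    ("10.10.10.5", "192.168.1.20", "eth0"),  # the pair that should stay un-NATed
    ("10.10.10.5", "203.0.113.9", "eth0"),   # same source, other destination
    ("10.10.20.7", "192.168.1.20", "eth0"),  # other source, same destination
]


def parse_rules(text, chain="POSTROUTING"):
    """Parse iptables-save style '-A' lines for one chain into dicts."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # every option here takes one value
        rules.append({
            "out": opts.get("-o"),
            "src": ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")),
            "dst": ipaddress.ip_network(opts.get("-d", "0.0.0.0/0")),
            "target": opts["-j"],
        })
    return rules


def nat_verdict(rules, src, dst, out_if, policy="ACCEPT"):
    """Return the target of the first matching rule, or the chain policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["out"] in (None, out_if) and src in r["src"] and dst in r["dst"]:
            return r["target"]  # ACCEPT and MASQUERADE both end traversal
    return policy


def audit(rules_text, flows):
    """Map each flow to the nat target it would hit."""
    rules = parse_rules(rules_text)
    return {flow: nat_verdict(rules, *flow) for flow in flows}
```

Running audit(RULES, FLOWS) after a rule change is a quick way to confirm that only the intended source/destination pair bypasses MASQUERADE.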
