Hello, using plain iptables I can do something like this:
iptables -t nat -A POSTROUTING -o <extif> -j ACCEPT -d <our-rfc1918-net> iptables -t nat -A POSTROUTING -o <extif> -j ACCEPT -d <our-global-unicast-net iptables -t nat -A POSTROUTING -o <extif> -j SNAT --to <global-unicast-ip-of-extif> This will do SNAT for any target but our local networks. Is it possible to do something like this with shorewall as well? Sven -- "Those who do not understand Unix are condemned to reinvent it, poorly" (Henry Spencer) /me is giggls@ircnet, http://sven.gegg.us/ on the Web ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://ad.doubleclick.net/clk;258768047;13503038;j? http://info.appdynamics.com/FreeJavaPerformanceDownload.html _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
