On 10/18/2013 8:20 AM, Guilsson G wrote:
> In the old days, the DNAT rule parameter:
>
> #ORIGINAL DEST(0ptional -- only allowed if ACTION is DNAT[-] or
> <<<SNIP>>>
> #The address (list) may optionally be followed by
> #a colon (":") and a second IP address. This causes
> #Shorewall to use the second IP address as the source
> #address in forwarded packets. See the Shorewall
> #documentation for restrictions concerning this feature.
> #If no source IP address is given, the original source
> #address is not altered.
>
> It was VERY easy to change the source address of that DNAT connection.
>
> DNAT net loc:$PRINTER-INTERNAL:443 tcp https -
> $PRINTER-EXTERNAL:$FW-ETH1-INTERNAL
>
> In current version, what the EASY approach ?In the current version, the ONLY way is to add an entry to /etc/shorewall/masq: eth1:$PRINTER-INTERNAL - tcp https -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
