Hi Folks, hi Tom,

after a few years of using Shorewall now, I have run into a "special case" of a new masquerading need, and I'm not sure if this is possible. I've already browsed through the mail archive, but my exact case is not discussed there, just some that are close to it. Or I didn't understand one of them correctly, or wasn't able to adapt it to my case.
Shorewall Version 4.6.4.3 on Debian jessie

This is my masq config now. I masq everything to the external Iface IP:

    #INTERFACE:DEST SOURCE ADDRESS PROTO PORT(S) IPSEC MARK USER/ SWITCH ORIGINAL
    eth3 131.xxx.xxx.0/24

What I now want to do is: keep the masq as it is, with one exception. All traffic to our mailserver should not be masqueraded. I mean it like "masq everything outgoing on eth3 EXCEPT outgoing traffic to the email server on eth3".

The background is that our mailserver is in the external zone and blocks the IP after too many failed logins. This means our masq IP is blocked and no one can use the mailserver anymore. For this case it would be good not to masq, so that each IP here is "visible" to the mailserver.

Thanks and best regards

Marc
