On 11/14/2017 11:45 AM, Naveen Neelakanta wrote: > Hi All, > > Is it possible for me to configure SNAT ( change the source IP ) and > also configure DNAT ( such that it can change the Destination address > ) on the out going packet. > My unix box is configured as a router and i want to modify the traffic > coming from LAN and going to internet . if a client is pinging 8.8.8.8 > from source ip 10.10.10.1 , after leaving the unix router configured > with Shorewall , i want the source to be using interface ip and also > change the destination ip. I was able to change the source ip to that > of the interface ip , however i am not able to change the destination > ip 8.8.8.8 to 4.4.4.4. > > The configuration below helping me with the SNAT , how do i get the > DNAT also on the same direction. > > file : /etc/shorewall/masq > > eth3 10.10.10.1/24 > > > Any guidance on the above or pointers will be appreciated .
In the rules file: DNAT loc:10.10.10.1 net:4.4.4.4 icmp echo-request - 8.8.8.8 That rules is restricted to the local client with IP address 10.10.10.1. If you want this transformation for all local clients, use: DNAT loc net:4.4.4.4 icmp echo-request - 8.8.8.8 -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
