SHOREWALL-NETMAP(5)             [FIXME: manual]            SHOREWALL-NETMAP(5)

NAME

       netmap - Shorewall NETMAP definition file

SYNOPSIS

       /etc/shorewall/netmap

DESCRIPTION

       This file is used to map addresses in one network to corresponding
       addresses in a second network.

           Warning
           To use this file, your kernel and iptables must have NETMAP support
           included.

       The columns in the file are as follows.

       TYPE - {DNAT|SNAT}[:{P|O|T}]
           Must be DNAT or SNAT; beginning with Shorewall 4.4.23, may be
           optionally followed by :P, :O or :T to perform stateless NAT.
           Stateless NAT requires Rawpost Table support in your kernel and
           iptables (see the output of shorewall show capabilities).

           If DNAT or DNAT:P, traffic entering INTERFACE and addressed to NET1
           has its destination address rewritten to the corresponding address
           in NET2.

           If SNAT or SNAT:T, traffic leaving INTERFACE with a source address
           in NET1 has its source address rewritten to the corresponding
           address in NET2.

           If DNAT:O, traffic originating on the firewall and leaving via
           INTERFACE and addressed to NET1 has its destination address
           rewritten to the corresponding address in NET2.

           If DNAT:P, traffic entering via INTERFACE and addressed to NET1 has
           its destination address rewritten to the corresponding address in
           NET2.

           If SNAT:P, traffic entering via INTERFACE with a destination
           address in NET1 has its source address rewritten to the
           corresponding address in NET2.

           If SNAT:O, traffic originating on the firewall and leaving via
           INTERFACE with a source address in NET1 has its source address
           rewritten to the corresponding address in NET2.

       NET1 - network-address
           Network in CIDR format (e.g., 192.168.1.0/24).

       INTERFACE - interface
           The name of a network interface. The interface must be defined in
           shorewall-interfaces[1](5). Shorewall allows loose matches to
           wildcard entries in shorewall-interfaces[1](5). For example, ppp0
           in this file will match a shorewall-interfaces[1](8) entry that
           defines ppp+.

       NET2 - network-address
           Network in CIDR format.

       NET3 (Optional) - network-address
           Added in Shorewall 4.4.11. If specified, qualifies INTERFACE. It
           specifies a SOURCE network for DNAT rules and a DESTINATION network
           for SNAT rules.

       PROTO (Optional - Added in Shorewall 4.4.23.2) -
       protocol-number-or-name
           Only packets specifying this protocol will have their IP header
           modified.

       DEST PORT(S) (Optional - Added in Shorewall 4.4.23.2) -
       port-number-or-name-list
           Destination ports. A comma-separated list of port names (from
           services(5)), port numbers or port ranges; if the protocol is icmp,
           this column is interpreted as the destination icmp-type(s). ICMP
           types may be specified as a numeric type, a numeric type and code
           separated by a slash (e.g., 3/4), or a typename. See
           http://www.shorewall.net/configuration_file_basics.htm#ICMP.

           If the protocol is ipp2p, this column is interpreted as an ipp2p
           option without the leading "--" (example bit for bit-torrent). If
           no PORT is given, ipp2p is assumed.

           An entry in this field requires that the PROTO column specify icmp
           (1), tcp (6), udp (17), sctp (132) or udplite (136). Use '-' if any
           of the following fields is supplied.

       SOURCE PORT(S) (Optional - Added in Shorewall 4.4.23.2) -
       port-number-or-name-list
           Source port(s). If omitted, any source port is acceptable.
           Specified as a comma-separated list of port names, port numbers or
           port ranges.

           An entry in this field requires that the PROTO column specify tcp
           (6), udp (17), sctp (132) or udplite (136). Use '-' if any of the
           following fields is supplied.

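       Added example (not part of the Shorewall documentation or code): a
       Python sketch that validates netmap entries against the column rules
       above and computes the address an entry maps to, on the understanding
       that NETMAP replaces the network prefix and keeps the host bits. The
       sample entries and the interface name vpn are constructed, and
       requiring NET1 and NET2 to have equal prefix lengths is an assumption
       of this example.

```python
import ipaddress
import re

# TYPE grammar from the man page: {DNAT|SNAT}[:{P|O|T}]
TYPE_RE = re.compile(r"^(DNAT|SNAT)(:[POT])?$")
# PROTO values the page requires before a port column may be used
SPORT_PROTOS = {"tcp", "6", "udp", "17", "sctp", "132", "udplite", "136"}
DPORT_PROTOS = SPORT_PROTOS | {"icmp", "1", "ipp2p"}
COLUMNS = ("type", "net1", "interface", "net2", "net3", "proto", "dport", "sport")

# Constructed sample entries; the interface name "vpn" is hypothetical.
SAMPLE = (
    "SNAT  192.168.1.0/24  vpn  10.10.11.0/24",
    "DNAT  10.10.11.0/24   vpn  192.168.1.0/24  -  tcp  22,443",
)


def parse_entry(line):
    """Parse one netmap line; raise ValueError if it breaks a documented rule."""
    fields = line.split("#", 1)[0].split()
    if not 4 <= len(fields) <= len(COLUMNS):
        raise ValueError("expected 4 to 8 columns")
    fields += ["-"] * (len(COLUMNS) - len(fields))  # '-' marks an omitted column
    e = dict(zip(COLUMNS, (None if f == "-" else f for f in fields)))
    if None in (e["type"], e["net1"], e["interface"], e["net2"]):
        raise ValueError("TYPE, NET1, INTERFACE and NET2 are required")
    if not TYPE_RE.match(e["type"]):
        raise ValueError("TYPE must be DNAT or SNAT, optionally :P, :O or :T")
    for col in ("net1", "net2", "net3"):
        if e[col]:
            e[col] = ipaddress.IPv4Network(e[col])  # ValueError on bad CIDR
    # Assumption (not stated on the page): equal prefix lengths, so the map is 1:1.
    if e["net1"].prefixlen != e["net2"].prefixlen:
        raise ValueError("NET1 and NET2 differ in size")
    if e["dport"] and e["proto"] not in DPORT_PROTOS:
        raise ValueError("DEST PORT(S) needs PROTO icmp, tcp, udp, sctp or udplite")
    if e["sport"] and e["proto"] not in SPORT_PROTOS:
        raise ValueError("source port needs PROTO tcp, udp, sctp or udplite")
    return e


def map_address(entry, addr):
    """Return the NET2 address that addr maps to, or None if addr is outside NET1."""
    ip = ipaddress.IPv4Address(addr)
    if ip not in entry["net1"]:
        return None
    host_bits = int(ip) & int(entry["net1"].hostmask)  # host part is preserved
    return ipaddress.IPv4Address(int(entry["net2"].network_address) | host_bits)
```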

FILES

       /etc/shorewall/netmap

SEE ALSO

       http://shorewall.net/netmap.html

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
       shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
       shorewall-nat(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_rules(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
       shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
       shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)

NOTES

        1. shorewall-interfaces
           http://www.shorewall.net/manpages/shorewall-interfaces.html

[FIXME: source]                   09/16/2011               SHOREWALL-NETMAP(5)