1SHOREWALL-NETMAP(5) Configuration Files SHOREWALL-NETMAP(5)
2
3
4
6 netmap - Shorewall NETMAP definition file
7
9 /etc/shorewall[6]/netmap
10
12 This file is used to map addresses in one network to corresponding
13 addresses in a second network.
14
15 Warning
16 To use this file, your kernel and iptables must have NETMAP support
17 included.
18
19 The columns in the file are as follows (where the column name is
20 followed by a different name in parentheses, the different name is used
21 in the alternate specification syntax).
22
23 TYPE - {DNAT|SNAT}
24 If DNAT, traffic entering INTERFACE and addressed to NET1 has its
25 destination address rewritten to the corresponding address in NET2.
26
27 If SNAT, traffic leaving INTERFACE with a source address in NET1
28 has it's source address rewritten to the corresponding address in
29 NET2.
30
31 NET1 - network-address
32 Network in CIDR format (e.g., 192.168.1.0/24). Beginning with
33 Shorewall 4.4.24, exclusion[1] is supported.
34
35 INTERFACE - interface
36 The name of a network interface. The interface must be defined in
37 shorewall-interfaces[2](5). Shorewall allows loose matches to
38 wildcard entries in shorewall-interfaces[2](5). For example, ppp0
39 in this file will match a shorewall-interfaces[2](8) entry that
40 defines ppp+.
41
42 NET2 - network-address
43 Network in CIDR format
44
45 NET3 (Optional) - network-address
46 Added in Shorewall 4.4.11. If specified, qualifies INTERFACE. It
47 specifies a SOURCE network for DNAT rules and a DESTINATION network
48 for SNAT rules.
49
50 PROTO - protocol-number-or-name
51 Optional -- added in Shorewall 4.4.23.2. Only packets specifying
52 this protocol will have their IP header modified.
53
54 DPORT - port-number-or-name-list
55 Optional - added in Shorewall 4.4.23.2. Destination Ports. A
56 comma-separated list of Port names (from services(5)), port numbers
57 or port ranges; if the protocol is icmp, this column is interpreted
58 as the destination icmp-type(s). ICMP types may be specified as a
59 numeric type, a numeric type and code separated by a slash (e.g.,
60 3/4), or a typename. See
61 http://www.shorewall.net/configuration_file_basics.htm#ICMP[3].
62
63 If the protocol is ipp2p, this column is interpreted as an ipp2p
64 option without the leading "--" (example bit for bit-torrent). If
65 no PORT is given, ipp2p is assumed.
66
67 An entry in this field requires that the PROTO column specify icmp
68 (1), tcp (6), udp (17), sctp (132) or udplite (136). Use '-' if any
69 of the following field is supplied.
70
71 This column was formerly labelled DEST PORT(S).
72
73 SPORT - port-number-or-name-list
74 Optional -- added in Shorewall 4.4.23.2. Source port(s). If
75 omitted, any source port is acceptable. Specified as a
76 comma-separated list of port names, port numbers or port ranges.
77
78 An entry in this field requires that the PROTO column specify tcp
79 (6), udp (17), sctp (132) or udplite (136). Use '-' if any of the
80 following fields is supplied.
81
82 This column was formerly labelled SOURCE PORT(S).
83
85 /etc/shorewall/netmap
86
87 /etc/shorewall6/netmap
88
90 http://www.shorewall.net/netmap.html[4]
91
92 http://www.shorewall.net/configuration_file_basics.htm#Pairs[5]
93
94 shorewall(8)
95
97 1. exclusion
98 https://shorewall.org/manpages/shorewall-exclusion.html
99
100 2. shorewall-interfaces
101 https://shorewall.org/manpages/shorewall-interfaces.html
102
103 3. http://www.shorewall.net/configuration_file_basics.htm#ICMP
104 https://shorewall.org/configuration_file_basics.htm#ICMP
105
106 4. http://www.shorewall.net/netmap.html
107 https://shorewall.org/netmap.html
108
109 5. http://www.shorewall.net/configuration_file_basics.htm#Pairs
110 https://shorewall.org/configuration_file_basics.htm#Pairs
111
112
113
114Configuration Files 01/15/2020 SHOREWALL-NETMAP(5)