shorewall-nat(5)

1shorewall-nat(5)                                              shorewall-nat(5)
2
3
4

NAME

6       nat - Shorewall one-to-one NAT file
7

SYNOPSIS

9       /etc/shorewall/nat
10

DESCRIPTION

12       This  file  is  used  to  define one-to-one Network Address Translation
13       (NAT).
14              Warning
15
16              If all you want to do is simple port forwarding, do NOT use this
17              file. See http://www.shorewall.net/FAQ.htm#faq1 ⟨../
18              FAQ.htm#faq1⟩ .  Also, in many cases, Proxy ARP ( shorewall-
19              proxyarp  ⟨shorewall-proxyarp.html⟩  (5))  is  a better solution
20              that one-to-one NAT.
21
22       The columns in the file are as follows.
23
24       EXTERNAL — address
25              External IP Address - this should NOT be the primary IP  address
26              of  the interface named in the next column and must not be a DNS
27              Name.
28
29              If you put COMMENT in this column, the rest of the line will  be
30              attached  as a comment to the Netfilter rule(s) generated by the
31              following entries in the file. The comment will appear delimited
32              by "/* ... */" in the output of "shorewall show nat"
33
34              To stop the comment from being attached to further rules, simply
35              include COMMENT on a line by itself.
36
37       INTERFACE — interface[:[digit]]
38              Interface that has the EXTERNAL address.  If  ADD_IP_ALIASES=Yes
39              in  shorewall.conf ⟨shorewall.conf.html⟩ (5), Shorewall will au‐
40              tomatically add the EXTERNAL address to this interface. Also  if
41              ADD_IP_ALIASES=Yes,  you  may follow the interface name with ":"
42              and a digit to indicate that you want Shorewall to add the alias
43              with  this  name  (e.g.,  "eth0:0").  That allows you to see the
44              alias with ifconfig. That is the only thing that  this  name  is
45              good  for  --  you  cannot use it anwhere else in your Shorewall
46              configuration.
47
48              If you want to override ADD_IP_ALIASES=Yes for a particular  en‐
49              try,  follow  the  interface  name  with ":" and no digit (e.g.,
50              "eth0:").
51
52       INTERNAL — address
53              Internal Address (must not be a DNS Name).
54
55       ALL INTERFACES - [Yes|No]
56              If Yes or yes, NAT will be effective from all hosts. If No or no
57              (or  left empty) then NAT will be effective only through the in‐
58              terface named in the INTERFACE column.
59
60       LOCAL — [Yes|No]
61              If Yes or yes, NAT will be effective from the firewall system
62

FILES

64       /etc/shorewall/nat
65

67       ⟨http://shorewall.net/NAT.htm⟩
68
69       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-
70       blacklist(5),  shorewall-hosts(5),  shorewall-interfaces(5), shorewall-
71       maclist(5),    shorewall-masq(5),    shorewall-netmap(5),    shorewall-
72       params(5), shorewall-policy(5), shorewall-providers(5), shorewall-prox‐
73       yarp(5), shorewall-route_routes(5),  shorewall-routestopped(5),  shore‐
74       wall-rules(5),  shorewall.conf(5),  shorewall-tcclasses(5),  shorewall-
75       tcdevices(5),  shorewall-tcrules(5),  shorewall-tos(5),  shorewall-tun‐
76       nels(5), shorewall-zones(5)
77
78
79
80                                  19 May 2008                 shorewall-nat(5)

NAME

SYNOPSIS

DESCRIPTION

FILES

SEE ALSO