Thanks..that did the job.

On Mon, Mar 1, 2010 at 5:26 PM, Tom Eastep <> wrote:
Red Baron wrote:
> shorewall-lite version 4.4.6
> Debian Lenny -  2.6.26-2-686
> I have a large network of public IPS ( <> )
> I have broken this up into several smaller subnets. I have a few servers
> that I want to NAT translate from my gateway server to a public IP on
> VLAN350. which is subnet / 27.
> My gateway server has the following interfaces
> eth0 - /28
> eth1 - /24
> vlan350 - /27
> I have this entry in the nat configuration file:
>    vlan350    no    no
> but when the host pings the internet, the IP is masquerarded
> as, not
> From the gateway, I can do the following
> ping <> -I
> and I do get replies, and tcpdump on the gateway verifies that the IP
> being used is correct, so I know the routes are in place.
> Any suggestions as to what I might be doing wrong?

I assume that eth0 is your external interface with the default route? If
so you want to specify that interface in the nat file, not vlan350.

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car \________________________________________________

Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
Shorewall-users mailing list