Re: [Shorewall-users] NAT Issue

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Try

1.1.1.198    eth0    172.16.1.23    no    no

INTERFACE - interfacelist[:[digit]]

Interfacees that have the EXTERNAL address

But its more often done by usage of masq instead of nat

put to your masq file

vlan350            eth1:172.16.1.23           1.1.1.198

The benefit of masq is to have control about proto and port as well. 

If you use masq you can delete your nat file entry. 

If you tar.bz2 your dump it should become smaller. Try 'tar -cjf
status.txt.tar.bz2 {your dump file}'

Cheers

Michael 

  _____  

Von: Red Baron [mailto:red...@gm...] 
Gesendet: Montag, 1. März 2010 23:54
An: Shorewall Users
Betreff: [Shorewall-users] NAT Issue

shorewall-lite version 4.4.6
Debian Lenny -  2.6.26-2-686

I have a large network of public IPS ( 1.1.1.128/25 )

I have broken this up into several smaller subnets. I have a few servers
that I want to NAT translate from my gateway server to a public IP on
VLAN350. which is subnet 1.1.1.192 / 27.

My gateway server has the following interfaces

eth0 - 1.1.1.149 /28
eth1 - 172.16.1.0 /24
vlan350 - 1.1.1.193 /27

I have this entry in the nat configuration file:
#EXTERNAL    INTERFACE    INTERNAL    ALL        LOCAL
1.1.1.198    vlan350    172.16.1.23    no    no
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

but when the host 172.16.1.23 pings the internet, the IP is masquerarded as
1.1.1.149, not 1.1.1.198

>From the gateway, I can do the following

ping www.google.com <http://www.google.com/>  -I 1.1.1.198

and I do get replies, and tcpdump on the gateway verifies that the IP being
used is correct, so I know the routes are in place.

Any suggestions as to what I might be doing wrong?

The dump file is over 50k even after sending.