From: Michael W. - i. B. S. G. <mw...@iq...> - 2010-03-01 23:13:40
Try

    1.1.1.198 eth0 172.16.1.23 no no

INTERFACE - interfacelist[:[digit]]
Interfaces that have the EXTERNAL address

But it's more often done by using masq instead of nat. Put this in your masq file:

    vlan350 eth1:172.16.1.23 1.1.1.198

The benefit of masq is that you have control over proto and port as well. If you use masq you can delete your nat file entry.

If you tar.bz2 your dump it should become smaller. Try 'tar -cjf status.txt.tar.bz2 {your dump file}'

Cheers
Michael

_____

From: Red Baron [mailto:red...@gm...]
Sent: Monday, 1 March 2010 23:54
To: Shorewall Users
Subject: [Shorewall-users] NAT Issue

shorewall-lite version 4.4.6
Debian Lenny - 2.6.26-2-686

I have a large network of public IPs (1.1.1.128/25). I have broken this up into several smaller subnets. I have a few servers that I want to NAT translate from my gateway server to a public IP on VLAN350, which is subnet 1.1.1.192/27.

My gateway server has the following interfaces:

    eth0 - 1.1.1.149 /28
    eth1 - 172.16.1.0 /24
    vlan350 - 1.1.1.193 /27

I have this entry in the nat configuration file:

    #EXTERNAL INTERFACE INTERNAL ALL LOCAL
    1.1.1.198 vlan350 172.16.1.23 no no
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

But when the host 172.16.1.23 pings the internet, the IP is masqueraded as 1.1.1.149, not 1.1.1.198.

From the gateway, I can do the following:

    ping www.google.com -I 1.1.1.198

and I do get replies, and tcpdump on the gateway verifies that the IP being used is correct, so I know the routes are in place.

Any suggestions as to what I might be doing wrong?

The dump file is over 50k even after sending.