From: Sven G. <li...@fu...> - 2012-09-20 12:43:15
|
Hello, using plain iptables I can do something like this: iptables -t nat -A POSTROUTING -o <extif> -j ACCEPT -d <our-rfc1918-net> iptables -t nat -A POSTROUTING -o <extif> -j ACCEPT -d <our-global-unicast-net iptables -t nat -A POSTROUTING -o <extif> -j SNAT --to <global-unicast-ip-of-extif> This will do SNAT for any target but our local networks. Is it possible to do something like this with shorewall as well? Sven -- "Those who do not understand Unix are condemned to reinvent it, poorly" (Henry Spencer) /me is giggls@ircnet, http://sven.gegg.us/ on the Web |