[Shorewall-users] Doing NAT to anything but local addresses?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello,

using plain iptables I can do something like this:

iptables -t nat -A POSTROUTING -o <extif> -j ACCEPT -d <our-rfc1918-net>
iptables -t nat -A POSTROUTING -o <extif> -j ACCEPT -d <our-global-unicast-net
iptables -t nat -A POSTROUTING -o <extif> -j SNAT --to <global-unicast-ip-of-extif>

This will do SNAT for any target but our local networks.

Is it possible to do something like this with shorewall as well?

Sven

-- 
"Those who do not understand Unix are condemned to reinvent it, poorly"
(Henry Spencer)

/me is giggls@ircnet, http://sven.gegg.us/ on the Web