| shorewall-nat.xml (shorewall-docs-xml-5.2.3.6.tar.bz2) | : | shorewall-nat.xml (shorewall-docs-xml-5.2.6.tar.bz2) |
|---|
| | |
| skipping to change at line 34 | | skipping to change at line 34 |
|---|
| | |
| <refsect1> | | <refsect1> |
| <title>Description</title> | | <title>Description</title> |
| | |
| <para>This file is used to define one-to-one Network Address Translation | | <para>This file is used to define one-to-one Network Address Translation |
| (NAT).</para> | | (NAT).</para> |
| | |
| <warning> | | <warning> |
| <para>If all you want to do is simple port forwarding, do NOT use this | | <para>If all you want to do is simple port forwarding, do NOT use this |
| file. See <ulink | | file. See <ulink |
|
| url="/FAQ.htm#faq1">http://www.shorewall.net/FAQ.htm#faq1</ulink>. Also, | | url="../FAQ.htm#faq1">https://shorewall.org/FAQ.htm#faq1</ulink>. Also, |
| in many cases, Proxy ARP (<ulink | | in many cases, Proxy ARP (<ulink |
|
| url="/manpages/shorewall-proxyarp.html">shorewall-proxyarp</ulink>(5)) | | url="shorewall-proxyarp.html">shorewall-proxyarp</ulink>(5)) |
| or Proxy-NDP(<ulink | | or Proxy-NDP(<ulink |
|
| url="/manpages/shorewall-proxyndp.html">shorewall6-proxyndp</ulink>(5)) | | url="shorewall-proxyndp.html">shorewall6-proxyndp</ulink>(5)) |
| is a better solution that one-to-one NAT.</para> | | is a better solution that one-to-one NAT.</para> |
| </warning> | | </warning> |
| | |
| <para>The columns in the file are as follows (where the column name is | | <para>The columns in the file are as follows (where the column name is |
| followed by a different name in parentheses, the different name is used in | | followed by a different name in parentheses, the different name is used in |
| the alternate specification syntax).</para> | | the alternate specification syntax).</para> |
| | |
| <variablelist> | | <variablelist> |
| <varlistentry> | | <varlistentry> |
| <term><emphasis role="bold">EXTERNAL</emphasis> - | | <term><emphasis role="bold">EXTERNAL</emphasis> - |
| | |
| skipping to change at line 75 | | skipping to change at line 75 |
|---|
| | |
| <varlistentry> | | <varlistentry> |
| <term><emphasis role="bold">INTERFACE</emphasis> - | | <term><emphasis role="bold">INTERFACE</emphasis> - |
| <emphasis>interfacelist</emphasis>[<emphasis | | <emphasis>interfacelist</emphasis>[<emphasis |
| role="bold">:</emphasis>[<emphasis>digit</emphasis>]]</term> | | role="bold">:</emphasis>[<emphasis>digit</emphasis>]]</term> |
| | |
| <listitem> | | <listitem> |
| <para>Interfaces that have the <emphasis | | <para>Interfaces that have the <emphasis |
| role="bold">EXTERNAL</emphasis> address. If ADD_IP_ALIASES=Yes in | | role="bold">EXTERNAL</emphasis> address. If ADD_IP_ALIASES=Yes in |
| <ulink | | <ulink |
|
| url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5), | | url="shorewall.conf.html">shorewall.conf</ulink>(5), |
| Shorewall will automatically add the EXTERNAL address to this | | Shorewall will automatically add the EXTERNAL address to this |
| interface. Also if ADD_IP_ALIASES=Yes, you may follow the interface | | interface. Also if ADD_IP_ALIASES=Yes, you may follow the interface |
| name with ":" and a <emphasis>digit</emphasis> to indicate that you | | name with ":" and a <emphasis>digit</emphasis> to indicate that you |
| want Shorewall to add the alias with this name (e.g., "eth0:0"). | | want Shorewall to add the alias with this name (e.g., "eth0:0"). |
| That allows you to see the alias with ifconfig. <emphasis | | That allows you to see the alias with ifconfig. <emphasis |
| role="bold">That is the only thing that this name is good for -- you | | role="bold">That is the only thing that this name is good for -- you |
| cannot use it anywhere else in your Shorewall configuration. | | cannot use it anywhere else in your Shorewall configuration. |
| </emphasis></para> | | </emphasis></para> |
| | |
| <para>Each interface must match an entry in <ulink | | <para>Each interface must match an entry in <ulink |
|
| url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
(5). | | url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5). |
| Shorewall allows loose matches to wildcard entries in <ulink | | Shorewall allows loose matches to wildcard entries in <ulink |
|
| url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
(5). | | url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5). |
| For example, <filename class="devicefile">ppp0</filename> in this | | For example, <filename class="devicefile">ppp0</filename> in this |
| file will match a <ulink | | file will match a <ulink |
|
| url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
(5) | | url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5) |
| entry that defines <filename | | entry that defines <filename |
| class="devicefile">ppp+</filename>.</para> | | class="devicefile">ppp+</filename>.</para> |
| | |
| <para>If you want to override ADD_IP_ALIASES=Yes for a particular | | <para>If you want to override ADD_IP_ALIASES=Yes for a particular |
| entry, follow the interface name with ":" and no digit (e.g., | | entry, follow the interface name with ":" and no digit (e.g., |
| "eth0:").</para> | | "eth0:").</para> |
| </listitem> | | </listitem> |
| </varlistentry> | | </varlistentry> |
| | |
| <varlistentry> | | <varlistentry> |
| | |
| skipping to change at line 204 | | skipping to change at line 204 |
|---|
| <emphasis role="bold">smc $FW CONTINUE</emphasis> | | <emphasis role="bold">smc $FW CONTINUE</emphasis> |
| loc net ACCEPT | | loc net ACCEPT |
| net all DROP info | | net all DROP info |
| # THE FOLLOWING POLICY MUST BE LAST | | # THE FOLLOWING POLICY MUST BE LAST |
| all all REJECT info | | all all REJECT info |
| </programlisting> | | </programlisting> |
| </listitem> | | </listitem> |
| | |
| <listitem> | | <listitem> |
| <para>Set IMPLICIT_CONTINUE=Yes in <ulink | | <para>Set IMPLICIT_CONTINUE=Yes in <ulink |
|
| url="/manpages/shorewall.conf.html">shorewall.conf(5)</ulink>.</para> | | url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para> |
| </listitem> | | </listitem> |
| </orderedlist> | | </orderedlist> |
| </refsect1> | | </refsect1> |
| | |
| <refsect1> | | <refsect1> |
| <title>FILES</title> | | <title>FILES</title> |
| | |
| <para>/etc/shorewall/nat</para> | | <para>/etc/shorewall/nat</para> |
| | |
| <para>/etc/shorewall6/nat</para> | | <para>/etc/shorewall6/nat</para> |
| </refsect1> | | </refsect1> |
| | |
| <refsect1> | | <refsect1> |
| <title>See ALSO</title> | | <title>See ALSO</title> |
| | |
| <para><ulink | | <para><ulink |
|
| url="/NAT.htm">http://www.shorewall.net/NAT.htm</ulink></para> | | url="../NAT.htm">https://shorewall.org/NAT.htm</ulink></para> |
| | |
| <para><ulink | | <para><ulink |
|
| url="/configuration_file_basics.htm#Pairs">http://www.shorewall.net/configur
ation_file_basics.htm#Pairs</ulink></para> | | url="../configuration_file_basics.htm#Pairs">https://shorewall.org/configura
tion_file_basics.htm#Pairs</ulink></para> |
| | |
| <para>shorewall(8)</para> | | <para>shorewall(8)</para> |
| </refsect1> | | </refsect1> |
| </refentry> | | </refentry> |
| | | |
| End of changes. 10 change blocks. |
|---|
| 10 lines changed or deleted | | 10 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 