"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "manpages/shorewall-snat.xml" between
shorewall-docs-xml-5.2.7.tar.bz2 and shorewall-docs-xml-5.2.8.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall (documentation; XML)

shorewall-snat.xml  (shorewall-docs-xml-5.2.7.tar.bz2):shorewall-snat.xml  (shorewall-docs-xml-5.2.8.tar.bz2)
skipping to change at line 210 skipping to change at line 210
role="bold">:random</emphasis>) with <emphasis role="bold">:random</emphasis>) with <emphasis
role="bold">:persistent</emphasis>. This is only useful when role="bold">:persistent</emphasis>. This is only useful when
an address range is specified and causes a client to be given an address range is specified and causes a client to be given
the same source/destination IP pair.</para> the same source/destination IP pair.</para>
<para>You may also use the special value <para>You may also use the special value
<option>detect</option> which causes Shorewall to determine <option>detect</option> which causes Shorewall to determine
the IP addresses configured on the interface named in the DEST the IP addresses configured on the interface named in the DEST
column and substitute them in this column.</para> column and substitute them in this column.</para>
<para>Finally, you may also specify a comma-separated list of
ranges and/or addresses in this column.</para>
<para>DNS Names names are not allowed.</para> <para>DNS Names names are not allowed.</para>
<para>Normally, Netfilter will attempt to retain the source <para>Normally, Netfilter will attempt to retain the source
port number. You may cause netfilter to remap the source port port number. You may cause netfilter to remap the source port
by following an address or range (if any) by ":" and a port by following an address or range (if any) by ":" and a port
range with the format range with the format
<emphasis>lowport</emphasis>-<emphasis>highport</emphasis>. If <emphasis>lowport</emphasis>-<emphasis>highport</emphasis>. If
this is done, you must specify "tcp", "udp", "dccp" or "stcp" this is done, you must specify "tcp", "udp", "dccp" or "stcp"
in the PROTO column.</para> in the PROTO column.</para>
skipping to change at line 808 skipping to change at line 805
<programlisting> #ACTION SOURCE DEST <programlisting> #ACTION SOURCE DEST
SNAT(206.124.146.177) - eth0:+myset[dst]</programlisting > SNAT(206.124.146.177) - eth0:+myset[dst]</programlisting >
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>IPv4 Example 6:</term> <term>IPv4 Example 6:</term>
<listitem> <listitem>
<para>SNAT outgoing connections on eth0 from 192.168.1.0/24 in <para>SNAT outgoing connections on eth0 from 192.168.1.0/24 randomly
round-robin fashion between addresses 1.1.1.1, 1.1.1.3, and 1.1.1.9 to addresses 1.1.1.1, 1.1.1.3, and 1.1.1.9 (Shorewall 5.0.0 and
(Shorewall 4.5.9 and later).</para> later).</para>
<programlisting>/etc/shorewall/tcrules:
#ACTION SOURCE DEST PROTO DPORT SPORT USER
TEST
1-3:CF 192.168.1.0/24 eth0 ; state=NEW
/etc/shorewall/snat: <programlisting>/etc/shorewall/snat:
#ACTION SOURCE DEST #ACTION SOURCE DEST
SNAT(1.1.1.1) 192.168.1.0/24 eth0 { mark=1:C } SNAT(1.1.1.1) 192.168.1.0/24 eth0 { probability=0.33 }
SNAT(1.1.1.3) 192.168.1.0/24 eth0 { mark=2:C } SNAT(1.1.1.3) 192.168.1.0/24 eth0 { probability=0.50 }
SNAT(1.1.1.9) 192.168.1.0/24 eth0 { mark=3:C }</programlistin SNAT(1.1.1.9) 192.168.1.0/24 eth0</programlisting>
g>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>IPv6 Example 1:</term> <term>IPv6 Example 1:</term>
<listitem> <listitem>
<para>You have a simple 'masquerading' setup where eth0 connects to <para>You have a simple 'masquerading' setup where eth0 connects to
a DSL or cable modem and eth1 connects to your local network with a DSL or cable modem and eth1 connects to your local network with
subnet 2001:470:b:787::0/64</para> subnet 2001:470:b:787::0/64</para>
 End of changes. 4 change blocks. 
17 lines changed or deleted 7 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)