SHOREWALL-NAT(5) [FIXME: manual] SHOREWALL-NAT(5)NAME
nat - Shorewall one-to-one NAT file
SYNOPSIS
/etc/shorewall/nat
DESCRIPTION
This file is used to define one-to-one Network Address Translation
(NAT).
Warning
If all you want to do is simple port forwarding, do NOT use this
file. See http://www.shorewall.net/FAQ.htm#faq1[1]. Also, in many
cases, Proxy ARP (shorewall-proxyarp[2](5)) is a better solution
that one-to-one NAT.
The columns in the file are as follows (where the column name is
followed by a different name in parentheses, the different name is used
in the alternate specification syntax).
EXTERNAL - {address|[?]COMMENT}
External IP Address - this should NOT be the primary IP address of
the interface named in the next column and must not be a DNS Name.
If you put COMMENT in this column, the rest of the line will be
attached as a comment to the Netfilter rule(s) generated by the
following entries in the file. The comment will appear delimited by
"/* ... */" in the output of "shorewall show nat"
To stop the comment from being attached to further rules, simply
include COMMENT on a line by itself.
Note
Beginning with Shorewall 4.5.11, ?COMMENT is a synonym for
COMMENT and is preferred.
INTERFACE - interfacelist[:[digit]]
Interfaces that have the EXTERNAL address. If ADD_IP_ALIASES=Yes in
shorewall.conf[3](5), Shorewall will automatically add the EXTERNAL
address to this interface. Also if ADD_IP_ALIASES=Yes, you may
follow the interface name with ":" and a digit to indicate that you
want Shorewall to add the alias with this name (e.g., "eth0:0").
That allows you to see the alias with ifconfig. That is the only
thing that this name is good for -- you cannot use it anywhere else
in your Shorewall configuration.
Each interface must match an entry in shorewall-interfaces[4](5).
Shorewall allows loose matches to wildcard entries in
shorewall-interfaces[4](5). For example, ppp0 in this file will
match a shorewall-interfaces[4](5) entry that defines ppp+.
If you want to override ADD_IP_ALIASES=Yes for a particular entry,
follow the interface name with ":" and no digit (e.g., "eth0:").
INTERNAL - address
Internal Address (must not be a DNS Name).
ALL INTERFACES (allints) - [Yes|No]
If Yes or yes, NAT will be effective from all hosts. If No or no
(or left empty) then NAT will be effective only through the
interface named in the INTERFACE column.
LOCAL - [Yes|No]
If Yes or yes, NAT will be effective from the firewall system
FILES
/etc/shorewall/nat
SEE ALSO
http://shorewall.net/NAT.htm
http://shorewall.net/configuration_file_basics.htm#Pairs
shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5),
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
shorewall-zones(5)NOTES
1. http://www.shorewall.net/FAQ.htm#faq1
http://www.shorewall.net/manpages/../FAQ.htm#faq1
2. shorewall-proxyarp
http://www.shorewall.net/manpages/shorewall-proxyarp.html
3. shorewall.conf
http://www.shorewall.net/manpages/shorewall.conf.html
4. shorewall-interfaces
http://www.shorewall.net/manpages/shorewall-interfaces.html
[FIXME: source] 12/19/2013 SHOREWALL-NAT(5)
