shorewall-doc-4.0.15-0.2mdvmes5.noarch.rpm

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>shorewall-nat</title><link rel="stylesheet" href="html.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.73.2" /></head><body><div class="refentry" lang="en" xml:lang="en"><a id="id257168"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>nat — Shorewall one-to-one NAT file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">/etc/shorewall/nat</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257199"></a><h2>Description</h2><p>This file is used to define one-to-one Network Address Translation
    (NAT).</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>If all you want to do is simple port forwarding, do NOT use this
      file. See <a class="ulink" href="../FAQ.htm#faq1" target="_self">http://www.shorewall.net/FAQ.htm#faq1</a>.
      Also, in many cases, Proxy ARP (<a class="ulink" href="shorewall-proxyarp.html" target="_self">shorewall-proxyarp</a>(5)) is a better
      solution than one-to-one NAT.</p></div><p>The columns in the file are as follows.</p><div class="variablelist"><dl><dt><span class="term"><span class="bold"><strong>EXTERNAL</strong></span> -
        <span class="emphasis"><em>address</em></span></span></dt><dd><p>External IP Address - this should NOT be the primary IP
          address of the interface named in the next column and must not be a
          DNS Name.</p><p>If you put COMMENT in this column, the rest of the line will
          be attached as a comment to the Netfilter rule(s) generated by the
          following entries in the file. The comment will appear delimited by
          "/* ... */" in the output of "shorewall show nat".</p><p>To stop the comment from being attached to further rules,
          simply include COMMENT on a line by itself.</p></dd><dt><span class="term"><span class="bold"><strong>INTERFACE</strong></span> -
        <span class="emphasis"><em>interface</em></span>[<span class="bold"><strong>:</strong></span>[<span class="emphasis"><em>digit</em></span>]]</span></dt><dd><p>Interface that has the <span class="bold"><strong>EXTERNAL</strong></span> address. If ADD_IP_ALIASES=Yes in
          <a class="ulink" href="shorewall.conf.html" target="_self">shorewall.conf</a>(5),
          Shorewall will automatically add the EXTERNAL address to this
          interface. Also if ADD_IP_ALIASES=Yes, you may follow the interface
          name with ":" and a <span class="emphasis"><em>digit</em></span> to indicate that you
          want Shorewall to add the alias with this name (e.g., "eth0:0").
          That allows you to see the alias with ifconfig. <span class="bold"><strong>That is the only thing that this name is good for -- you
          cannot use it anywhere else in your Shorewall
          configuration.</strong></span></p><p>If you want to override ADD_IP_ALIASES=Yes for a particular
          entry, follow the interface name with ":" and no digit (e.g.,
          "eth0:").</p></dd><dt><span class="term"><span class="bold"><strong>INTERNAL</strong></span> -
        <span class="emphasis"><em>address</em></span></span></dt><dd><p>Internal Address (must not be a DNS Name).</p></dd><dt><span class="term"><span class="bold"><strong>ALL INTERFACES</strong></span> - [<span class="bold"><strong>Yes</strong></span>|<span class="bold"><strong>No</strong></span>]</span></dt><dd><p>If Yes or yes, NAT will be effective from all hosts. If No or
          no (or left empty) then NAT will be effective only through the
          interface named in the <span class="bold"><strong>INTERFACE</strong></span>
          column.</p></dd><dt><span class="term"><span class="bold"><strong>LOCAL</strong></span> - [<span class="bold"><strong>Yes</strong></span>|<span class="bold"><strong>No</strong></span>]</span></dt><dd><p>If <span class="bold"><strong>Yes</strong></span> or <span class="bold"><strong>yes</strong></span>, NAT will be effective from the firewall
          system.</p></dd></dl></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257416"></a><h2>FILES</h2><p>/etc/shorewall/nat</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257426"></a><h2>See ALSO</h2><p><a class="ulink" href="http://shorewall.net/NAT.htm" target="_self">http://shorewall.net/NAT.htm</a></p><p>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
    shorewall-maclist(5), shorewall-masq(5), shorewall-netmap(5),
    shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
    shorewall-proxyarp(5), shorewall-route_rules(5),
    shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
    shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
    shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</p></div></div></body></html>
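
A linter for the column rules described above, as an added example that is not part of the Shorewall documentation or code. The function names, the sample entries and the duplicate-EXTERNAL check are assumptions of this example; treating `-` as an empty column and `#` as a comment follows Shorewall's general config-file conventions rather than this page.

```python
import ipaddress
import re

IFACE_RE = re.compile(r"[^\s:]+(:\d?)?")        # interface[:[digit]]
YES_NO = {"", "-", "Yes", "yes", "No", "no"}    # "-" marks an empty column
def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def lint_nat(text):
    """Return (line_number, message) findings for the contents of a nat file."""
    findings, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()
        if not cols or cols[0] == "COMMENT":    # blank, '#' comment, or COMMENT line
            continue
        if not 3 <= len(cols) <= 5:
            findings.append((n, "expected 3 to 5 columns"))
            continue
        external, iface, internal = cols[:3]
        all_ifaces, local = (cols[3:] + ["", ""])[:2]
        for name, value in (("EXTERNAL", external), ("INTERNAL", internal)):
            if not is_ipv4(value):
                findings.append((n, f"{name} {value!r} must be an IP address, not a DNS name"))
        if external in seen:                    # added check: keep the mapping one-to-one
            findings.append((n, f"EXTERNAL {external} already mapped on line {seen[external]}"))
        seen.setdefault(external, n)
        if not IFACE_RE.fullmatch(iface):
            findings.append((n, f"INTERFACE {iface!r} is not interface[:[digit]]"))
        if all_ifaces not in YES_NO:
            findings.append((n, f"ALL INTERFACES {all_ifaces!r} is not Yes or No"))
        elif all_ifaces in ("Yes", "yes"):      # valid, but flagged for review
            findings.append((n, "ALL INTERFACES=Yes: NAT is effective from all hosts"))
        if local not in YES_NO:
            findings.append((n, f"LOCAL {local!r} is not Yes or No"))
    return findings

# Constructed sample (documentation-range addresses), not taken from the page.
SAMPLE = """\
COMMENT Mail server
192.0.2.10      eth0:0     10.1.1.2  No   No
COMMENT
gw.example.com  eth0       10.1.1.3
192.0.2.10      eth0:      10.1.1.4  Yes  no
192.0.2.12      eth0:zero  10.1.1.5  -    maybe
"""
```

`lint_nat(SAMPLE)` reports the DNS name on line 4, the repeated EXTERNAL address and the ALL INTERFACES=Yes entry on line 5, and the malformed INTERFACE and LOCAL values on line 6. Whether EXTERNAL is the interface's primary address cannot be checked from the file alone.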