Provided by: shorewall-common_4.0.6-1_all bug


       nat - Shorewall one-to-one NAT file




       This  file  is  used  to  define one-to-one Network Address Translation

              If all you want to do is simple port forwarding, do NOT use this
              file.          See
              〈../FAQ.htm#faq1〉 .  Also, in many cases, Proxy ARP ( shorewall-
              proxyarp  〈shorewall-proxyarp.html〉  (5))  is  a better solution
              that one-to-one NAT.

       The columns in the file are as follows.

              External IP Address - this should NOT be the primary IP  address
              of  the interface named in the next column and must not be a DNS

              If you put COMMENT in this column, the rest of the line will  be
              attached  as a comment to the Netfilter rule(s) generated by the
              following entries in the file. The comment will appear delimited
              by "/* ... */" in the output of "shorewall show nat"

              To stop the comment from being attached to further rules, simply
              include COMMENT on a line by itself.

              Interface that has the EXTERNAL address.  If  ADD_IP_ALIASES=Yes
              in  shorewall.conf  〈shorewall.conf.html〉  (5),  Shorewall  will
              automatically add the EXTERNAL address to this  interface.  Also
              if  ADD_IP_ALIASES=Yes,  you  may follow the interface name with
              ":" and a digit to indicate that you want Shorewall to  add  the
              alias  with  this name (e.g., "eth0:0").  That allows you to see
              the alias with ifconfig. That is the only thing that  this  name
              is  good for -- you cannot use it anwhere else in your Shorewall

              If you want to  override  ADD_IP_ALIASES=Yes  for  a  particular
              entry,  follow  the  interface name with ":" and no digit (e.g.,

              Internal Address (must not be a DNS Name).

       ALL INTERFACES - [Yes|No]
              If Yes or yes, NAT will be effective from all hosts. If No or no
              (or  left  empty)  then  NAT  will be effective only through the
              interface named in the INTERFACE column.

       LOCAL — [Yes|No]
              If Yes or yes, NAT will be effective from the firewall system



SEE ALSO, shorewall-accounting(5), shorewall-actions(5), shorewall-
       blacklist(5),  shorewall-hosts(5),  shorewall-interfaces(5), shorewall-
       maclist(5),    shorewall-masq(5),    shorewall-netmap(5),    shorewall-
       params(5),   shorewall-policy(5),   shorewall-providers(5),  shorewall-
       proxyarp(5),   shorewall-route_routes(5),    shorewall-routestopped(5),
       shorewall-rules(5),      shorewall.conf(5),     shorewall-tcclasses(5),
       shorewall-tcdevices(5),     shorewall-tcrules(5),     shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)

                               23 November 2007               shorewall-nat(5)