Provided by: shorewall-common_4.0.12-1_all bug

NAME

       nat - Shorewall one-to-one NAT file

SYNOPSIS

       /etc/shorewall/nat

DESCRIPTION

       This  file  is  used  to  define one-to-one Network Address Translation
       (NAT).
              Warning

              If all you want to do is simple port forwarding, do NOT use this
              file.          See         http://www.shorewall.net/FAQ.htm#faq1
              〈../FAQ.htm#faq1〉 .  Also, in many cases, Proxy ARP ( shorewall-
              proxyarp  〈shorewall-proxyarp.html〉  (5))  is  a better solution
              that one-to-one NAT.

       The columns in the file are as follows.

       EXTERNALaddress
              External IP Address - this should NOT be the primary IP  address
              of  the interface named in the next column and must not be a DNS
              Name.

              If you put COMMENT in this column, the rest of the line will  be
              attached  as a comment to the Netfilter rule(s) generated by the
              following entries in the file. The comment will appear delimited
              by "/* ... */" in the output of "shorewall show nat"

              To stop the comment from being attached to further rules, simply
              include COMMENT on a line by itself.

       INTERFACEinterface[:[digit]]
              Interface that has the EXTERNAL address.  If  ADD_IP_ALIASES=Yes
              in  shorewall.conf  〈shorewall.conf.html〉  (5),  Shorewall  will
              automatically add the EXTERNAL address to this  interface.  Also
              if  ADD_IP_ALIASES=Yes,  you  may follow the interface name with
              ":" and a digit to indicate that you want Shorewall to  add  the
              alias  with  this name (e.g., "eth0:0").  That allows you to see
              the alias with ifconfig. That is the only thing that  this  name
              is  good for -- you cannot use it anwhere else in your Shorewall
              configuration.

              If you want to  override  ADD_IP_ALIASES=Yes  for  a  particular
              entry,  follow  the  interface name with ":" and no digit (e.g.,
              "eth0:").

       INTERNALaddress
              Internal Address (must not be a DNS Name).

       ALL INTERFACES - [Yes|No]
              If Yes or yes, NAT will be effective from all hosts. If No or no
              (or  left  empty)  then  NAT  will be effective only through the
              interface named in the INTERFACE column.

       LOCAL — [Yes|No]
              If Yes or yes, NAT will be effective from the firewall system

FILES

       /etc/shorewall/nat

SEE ALSO

http://shorewall.net/NAT.htmshorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-
       blacklist(5),  shorewall-hosts(5),  shorewall-interfaces(5), shorewall-
       maclist(5),    shorewall-masq(5),    shorewall-netmap(5),    shorewall-
       params(5),   shorewall-policy(5),   shorewall-providers(5),  shorewall-
       proxyarp(5),   shorewall-route_routes(5),    shorewall-routestopped(5),
       shorewall-rules(5),      shorewall.conf(5),     shorewall-tcclasses(5),
       shorewall-tcdevices(5),     shorewall-tcrules(5),     shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)

                                 24 June 2008                 shorewall-nat(5)