Provided by: shorewall-common_4.0.12-1_all
nat - Shorewall one-to-one NAT file
This file is used to define one-to-one Network Address Translation
If all you want to do is simple port forwarding, do NOT use this
file. See http://www.shorewall.net/FAQ.htm#faq1
〈../FAQ.htm#faq1〉 . Also, in many cases, Proxy ARP ( shorewall-
proxyarp 〈shorewall-proxyarp.html〉 (5)) is a better solution
that one-to-one NAT.
The columns in the file are as follows.
EXTERNAL — address
External IP Address - this should NOT be the primary IP address
of the interface named in the next column and must not be a DNS
If you put COMMENT in this column, the rest of the line will be
attached as a comment to the Netfilter rule(s) generated by the
following entries in the file. The comment will appear delimited
by "/* ... */" in the output of "shorewall show nat"
To stop the comment from being attached to further rules, simply
include COMMENT on a line by itself.
INTERFACE — interface[:[digit]]
Interface that has the EXTERNAL address. If ADD_IP_ALIASES=Yes
in shorewall.conf 〈shorewall.conf.html〉 (5), Shorewall will
automatically add the EXTERNAL address to this interface. Also
if ADD_IP_ALIASES=Yes, you may follow the interface name with
":" and a digit to indicate that you want Shorewall to add the
alias with this name (e.g., "eth0:0"). That allows you to see
the alias with ifconfig. That is the only thing that this name
is good for -- you cannot use it anwhere else in your Shorewall
If you want to override ADD_IP_ALIASES=Yes for a particular
entry, follow the interface name with ":" and no digit (e.g.,
INTERNAL — address
Internal Address (must not be a DNS Name).
ALL INTERFACES - [Yes|No]
If Yes or yes, NAT will be effective from all hosts. If No or no
(or left empty) then NAT will be effective only through the
interface named in the INTERFACE column.
LOCAL — [Yes|No]
If Yes or yes, NAT will be effective from the firewall system
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-
blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-
maclist(5), shorewall-masq(5), shorewall-netmap(5), shorewall-
params(5), shorewall-policy(5), shorewall-providers(5), shorewall-
proxyarp(5), shorewall-route_routes(5), shorewall-routestopped(5),
shorewall-rules(5), shorewall.conf(5), shorewall-tcclasses(5),
shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
24 June 2008 shorewall-nat(5)