diff --git a/manpages/shorewall-maclist.xml b/manpages/shorewall-maclist.xml
new file mode 100644
index 000000000..e2a75237a
--- /dev/null
+++ b/manpages/shorewall-maclist.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<refentry>
+  <refmeta>
+    <refentrytitle>shorewall-maclist</refentrytitle>
+
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>maclist</refname>
+
+    <refpurpose>Shorewall MAC Verification file</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>/etc/shorewall/maclist</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para>This file is used to define the MAC addresses and optionally their
+    associated IP addresses to be allowed to use the specified interface. The
+    feature is enabled by using the <emphasis role="bold">maclist</emphasis>
+    option in the shorewall-interfaces(5) or shorewall-hosts(5) configuration
+    file.</para>
+
+    <para> The columns in the file are as follows.</para>
+
+    <variablelist>
+      <varlistentry>
+        <term><emphasis role="bold">DISPOSITION</emphasis></term>
+
+        <listitem>
+          <para><emphasis role="bold">ACCEPT</emphasis> or <emphasis
+          role="bold">DROP</emphasis> (if MACLIST_TABLE=filter in
+          shorewall.conf(5), then REJECT is also allowed)</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">INTERFACE</emphasis></term>
+
+        <listitem>
+          <para>Network interface to a host. If the interface names a bridge,
+          it may be optionally followed by a colon (":") and a physical port
+          name (e.g., br0:eth4).</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">MAC</emphasis></term>
+
+        <listitem>
+          <para>MAC address of the host -- you do not need to use the
+          Shorewall format for MAC addresses here. If <emphasis role="bold">IP
+          ADDRESSESES</emphasis> is supplied then <emphasis
+          role="bold">MAC</emphasis> can be supplied as a dash (<emphasis
+          role="bold">-</emphasis>)</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">IP ADDRESSES</emphasis> (Optional)</term>
+
+        <listitem>
+          <para>If specified, both the MAC and IP address must match. This
+          column can contain a comma-separated list of host and/or subnet
+          addresses. If your kernel and iptables have iprange match support
+          then IP address ranges are also allowed.</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>FILES</title>
+
+    <para>/etc/shorewall/maclist</para>
+  </refsect1>
+
+  <refsect1>
+    <title>See ALSO</title>
+
+    <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
+    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
+    shorewall-ipsec(5), shorewall-masq(5), shorewall-nat(5),
+    shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
+    shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_routes(5),
+    shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
+    shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
+    shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
+  </refsect1>
+</refentry>
\ No newline at end of file
diff --git a/manpages/shorewall-nat.xml b/manpages/shorewall-nat.xml
new file mode 100644
index 000000000..45a4746f6
--- /dev/null
+++ b/manpages/shorewall-nat.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<refentry>
+  <refmeta>
+    <refentrytitle>shorewall-nat</refentrytitle>
+
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>nat</refname>
+
+    <refpurpose>Shorewall one-to-one NAT file</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>/etc/shorewall/nat</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para> This file is used to define one-to-one Network Address Translation
+    (NAT).</para>
+
+    <warning>
+      <para>If all you want to do is simple port forwarding, do NOT use this
+      file. See http://www.shorewall.net/FAQ.htm#faq1. Also, in most cases,
+      Proxy ARP is a better solution that one-to-one NAT.</para>
+    </warning>
+
+    <para> The columns in the file are as follows.</para>
+
+    <variablelist>
+      <varlistentry>
+        <term><emphasis role="bold">EXTERNAL</emphasis></term>
+
+        <listitem>
+          <para>External IP Address - this should NOT be the primary IP
+          address of the interface named in the next column and must not be a
+          DNS Name.</para>
+
+          <para>If you put COMMENT in this column, the rest of the line will
+          be attached as a comment to the Netfilter rule(s) generated by the
+          following entries in the file. The comment will appear delimited by
+          "/* ... */" in the output of "shorewall show nat"</para>
+
+          <para>To stop the comment from being attached to further rules,
+          simply include COMMENT on a line by itself. </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">INTERFACE</emphasis></term>
+
+        <listitem>
+          <para>Interface that has the <emphasis
+          role="bold">EXTERNAL</emphasis> address. If ADD_IP_ALIASES=Yes in
+          shorewall.conf(5), Shorewall will automatically add the EXTERNAL
+          address to this interface. Also if ADD_IP_ALIASES=Yes, you may
+          follow the interface name with ":" and a digit to indicate that you
+          want Shorewall to add the alias with this name (e.g., "eth0:0").
+          That allows you to see the alias with ifconfig. <emphasis
+          role="bold">That is the only thing that this name is good for -- you
+          cannot use it anwhere else in your Shorewall
+          configuration.</emphasis></para>
+
+          <para>If you want to override ADD_IP_ALIASES=Yes for a particular
+          entry, follow the interface name with ":" and no digit (e.g.,
+          "eth0:").</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">INTERNAL</emphasis></term>
+
+        <listitem>
+          <para>Internal Address (must not be a DNS Name).</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">ALL INTERFACES</emphasis></term>
+
+        <listitem>
+          <para>If Yes or yes, NAT will be effective from all hosts. If No or
+          no (or left empty) then NAT will be effective only through the
+          interface named in the <emphasis role="bold">INTERFACE</emphasis>
+          column.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">LOCAL</emphasis></term>
+
+        <listitem>
+          <para>If <emphasis role="bold">Yes</emphasis> or <emphasis
+          role="bold">yes</emphasis>, NAT will be effective from the firewall
+          system</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>FILES</title>
+
+    <para>/etc/shorewall/nat</para>
+  </refsect1>
+
+  <refsect1>
+    <title>See ALSO</title>
+
+    <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
+    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
+    shorewall-maclist(5), shorewall-masq(5), shorewall-netmap(5),
+    shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
+    shorewall-proxyarp(5), shorewall-route_routes(5),
+    shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
+    shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
+    shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
+  </refsect1>
+</refentry>
\ No newline at end of file