diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt index 253c05940..1933fe75a 100644 --- a/Shorewall2/changelog.txt +++ b/Shorewall2/changelog.txt @@ -7,3 +7,5 @@ Changes since 2.0.0 3) Cleanup Warning elimination. 4) Add 'nobogons' + +4) Add 'netmap' diff --git a/Shorewall2/fallback.sh b/Shorewall2/fallback.sh index 034c73dbb..89f040893 100755 --- a/Shorewall2/fallback.sh +++ b/Shorewall2/fallback.sh @@ -91,6 +91,8 @@ restore_file /etc/shorewall/rules restore_file /etc/shorewall/nat +restore_file /etc/shorewall/netmap + restore_file /etc/shorewall/params restore_file /etc/shorewall/proxyarp diff --git a/Shorewall2/firewall b/Shorewall2/firewall index 2984d40e3..25373c562 100755 --- a/Shorewall2/firewall +++ b/Shorewall2/firewall @@ -1775,6 +1775,23 @@ delete_nat() { [ -d ${STATEDIR} ] && touch ${STATEDIR}/nat } +# +# Setup Network Mapping (NETMAP) +# +setup_netmap() { + local allints + + while read net1 interface net2 ; do + expandv net1 interface net2 + + addnatrule $(input_chain $interface) -d $net1 -j NETMAP --to $net2 + addnatrule $(output_chain $interface) -s $net2 -j NETMAP --to $net1 + + echo " Network $net1 on $interface mapped to $net2" + + done < $TMP_DIR/netmap +} + # # Setup ECN disabling rules # @@ -4407,6 +4424,7 @@ initialize_netfilter () { strip_file proxyarp strip_file maclist strip_file nat + strip_file netmap terminator=fatal_error @@ -5118,6 +5136,10 @@ define_firewall() # $1 = Command (Start or Restart) setup_nat + echo "Setting up NETMAP..." + + setup_netmap + echo "Adding Common Rules" add_common_rules diff --git a/Shorewall2/install.sh b/Shorewall2/install.sh index 746ff00fe..5381359a1 100755 --- a/Shorewall2/install.sh +++ b/Shorewall2/install.sh 
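Review bot: In `setup_netmap`, `local allints` declares a variable the function never uses, while the three variables the loop does assign (`net1`, `interface`, `net2`) stay global and can clobber same-named variables elsewhere in the script; the declaration should read `local net1 interface net2`. The loop also hands each field straight to `addnatrule` with no check, so a netmap line with fewer than three columns leaves `$net2` empty and yields `--to` with no argument in the first rule and `-s` with none in the second. A guard before the two rules, e.g. `[ -n "$net2" ] || fatal_error "Invalid netmap entry: $net1 $interface"`, would stop with a readable message instead of depending on how `addnatrule` reacts to a malformed rule; `fatal_error` is the name assigned to `terminator` in `initialize_netfilter`, so I assume it is callable here. The header comment could also state the column order (`net1 interface net2`) and that the first rule rewrites destinations on the input chain while the second rewrites sources on the output chain.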
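Review bot: The new `setup_netmap` call in `define_firewall` is unconditional, so "Setting up NETMAP..." is printed and `$TMP_DIR/netmap` is opened on every start and restart, including hosts with no netmap entries. If `strip_file` does not create an empty `$TMP_DIR/netmap` when the configuration file is missing (its body is outside this diff), the `done < $TMP_DIR/netmap` redirect would fail on such hosts. Guarding the call, `[ -s $TMP_DIR/netmap ] && echo "Setting up NETMAP..." && setup_netmap`, covers both cases. Because the call sits after `setup_nat`, the NETMAP rules are presumably added behind the one-to-one NAT rules, and a comment stating which takes precedence when entries overlap would help. `define_firewall` starts and ends outside the hunk.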
@@ -270,6 +270,16 @@ else echo "NAT file installed as ${PREFIX}/etc/shorewall/nat" fi # +# Install the NETMAP file +# +if [ -f ${PREFIX}/etc/shorewall/netmap ]; then + backup_file /etc/shorewall/netmap +else + run_install -o $OWNER -g $GROUP -m 0600 netmap ${PREFIX}/etc/shorewall/netmap + echo + echo "NETMAP file installed as ${PREFIX}/etc/shorewall/netmap" +fi +# # Install the Parameters file # if [ -f ${PREFIX}/etc/shorewall/params ]; then diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt index 91136222a..4cd041178 100755 --- a/Shorewall2/releasenotes.txt +++ b/Shorewall2/releasenotes.txt @@ -35,5 +35,14 @@ New Features: http://shorewall.net/bridge.html +2) Support for NETMAP has been added. NETMAP allows NAT to be defined + between two network: + + a.b.c.1 <-> x.y.z.1 + a.b.c.2 <-> x.y.z.2 + a.b.c.3 <-> x.y.z.3 + ... + + http://shorewall.net/netmap.html diff --git a/Shorewall2/shorewall.spec b/Shorewall2/shorewall.spec index 43790284a..2e4b8fd27 100644 --- a/Shorewall2/shorewall.spec +++ b/Shorewall2/shorewall.spec @@ -78,6 +78,7 @@ fi %attr(0600,root,root) %config(noreplace) /etc/shorewall/interfaces %attr(0600,root,root) %config(noreplace) /etc/shorewall/rules %attr(0600,root,root) %config(noreplace) /etc/shorewall/nat +%attr(0600,root,root) %config(noreplace) /etc/shorewall/netmap %attr(0600,root,root) %config(noreplace) /etc/shorewall/params %attr(0600,root,root) %config(noreplace) /etc/shorewall/proxyarp %attr(0600,root,root) %config(noreplace) /etc/shorewall/routestopped @@ -138,9 +139,11 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %changelog -* Web Mar 17 2004 Tom Eastep +* Thu Mar 18 2004 Tom Eastep tom@shorewall.net +- Added netmap file +* Wed Mar 17 2004 Tom Eastep - Update for 2.0.1 Beta 1 -* Web Mar 17 2004 Tom Eastep +* Wed Mar 17 2004 Tom Eastep - Add bogons file * Sat Mar 13 2004 Tom Eastep - Update for 2.0.0 Final
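Review bot: The test `[ -f ${PREFIX}/etc/shorewall/netmap ]` is unquoted, so a `PREFIX` containing whitespace makes `[` fail with a syntax error, the `else` branch runs as if no netmap file existed, and `run_install` is then invoked with word-split arguments. Quoting the expansions avoids that: `if [ -f "${PREFIX}/etc/shorewall/netmap" ]; then` and `run_install -o "$OWNER" -g "$GROUP" -m 0600 netmap "${PREFIX}/etc/shorewall/netmap"`. The params block visible at the end of the hunk uses the same unquoted form, so the fix is best applied to the sibling blocks together. The `if`/`else` for the NAT file that precedes the added block begins outside the hunk.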