shorewall-netmap 5 netmap Shorewall NETMAP definition file /etc/shorewall/netmap This file is used to map addresses in one network to corresponding addresses in a second network. To use this file, your kernel and iptables must have NETMAP support included. The columns in the file are as follows. TYPE - {DNAT|SNAT}[:{P|O|T}] Must be DNAT or SNAT; beginning with Shorewall 4.4.23, may be optionally followed by :P, :O or :T to perform stateless NAT. Stateless NAT requires Rawpost Table support in your kernel and iptables (see the output of shorewall show capabilities). If DNAT or DNAT:P, traffic entering INTERFACE and addressed to NET1 has its destination address rewritten to the corresponding address in NET2. If SNAT or SNAT:T, traffic leaving INTERFACE with a source address in NET1 has it's source address rewritten to the corresponding address in NET2. If DNAT:O, traffic originating on the firewall and leaving via INTERFACE and addressed to NET1 has its destination address rewritten to the corresponding address in NET2. If DNAT:P, traffic entering via INTERFACE and addressed to NET1 has its destination address rewritten to the corresponding address in NET2. If SNAT:P, traffic entering via INTERFACE with a destination address in NET1 has it's source address rewritten to the corresponding address in NET2. If SNAT:O, traffic originating on the firewall and leaving via INTERFACE with a source address in NET1 has it's source address rewritten to the corresponding address in NET2. NET1 - network-address Network in CIDR format (e.g., 192.168.1.0/24). INTERFACE - interface The name of a network interface. The interface must be defined in shorewall-interfaces(5). Shorewall allows loose matches to wildcard entries in shorewall-interfaces(5). For example, ppp0 in this file will match a shorewall-interfaces(8) entry that defines ppp+. NET2 - network-address Network in CIDR format NET3 (Optional) - network-address Added in Shorewall 4.4.11. If specified, qualifies INTERFACE. It specifies a SOURCE network for DNAT rules and a DESTINATON network for SNAT rules. /etc/shorewall/netmap http://shorewall.net/netmap.html shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)