From 2e7d1ac4a3138f308d34d42f25e4ec90cbf10e5e Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Thu, 24 Sep 2020 11:19:12 -0700
Subject: [PATCH] Update shorewall-snat(5)
- Delete incorrect statement about a list of addresses in SNAT()
- Replace IPv4 Example 6 with one that uses the PROBABILITY column
Signed-off-by: Tom Eastep
---
 Shorewall/manpages/shorewall-snat.xml | 22 +++++++---------------
 1 file changed, 7 insertions(+), 15 deletions(-)
diff --git a/Shorewall/manpages/shorewall-snat.xml b/Shorewall/manpages/shorewall-snat.xml
index 6d6bbf4d5..948af8c2a 100644
--- a/Shorewall/manpages/shorewall-snat.xml
+++ b/Shorewall/manpages/shorewall-snat.xml
@@ -207,9 +207,6 @@
 the IP addresses configured on the interface named in the DEST column and substitute them in this column.
- Finally, you may also specify a comma-separated list of
- ranges and/or addresses in this column.
-
 DNS Names names are not allowed. Normally, Netfilter will attempt to retain the source
@@ -805,21 +802,16 @@
 IPv4 Example 6:
- SNAT outgoing connections on eth0 from 192.168.1.0/24 in
- round-robin fashion between addresses 1.1.1.1, 1.1.1.3, and 1.1.1.9
- (Shorewall 4.5.9 and later).
+ SNAT outgoing connections on eth0 from 192.168.1.0/24 randomly
+ to addresses 1.1.1.1, 1.1.1.3, and 1.1.1.9 (Shorewall 5.0.0 and
+ later).
- /etc/shorewall/tcrules:
-
- #ACTION SOURCE DEST PROTO DPORT SPORT USER TEST
- 1-3:CF 192.168.1.0/24 eth0 ; state=NEW
-
-/etc/shorewall/snat:
+ /etc/shorewall/snat:
 #ACTION SOURCE DEST
- SNAT(1.1.1.1) 192.168.1.0/24 eth0 { mark=1:C }
- SNAT(1.1.1.3) 192.168.1.0/24 eth0 { mark=2:C }
- SNAT(1.1.1.9) 192.168.1.0/24 eth0 { mark=3:C }
+ SNAT(1.1.1.1) 192.168.1.0/24 eth0 { probability=0.33 }
+ SNAT(1.1.1.3) 192.168.1.0/24 eth0 { probability=0.50 }
+ SNAT(1.1.1.9) 192.168.1.0/24 eth0