From 316866482b7444ba3dc0eadd30913354e61bf434 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 5 Oct 2014 19:54:19 -0700 Subject: [PATCH] Add ipv6 nat file and manpage Signed-off-by: Tom Eastep --- Shorewall6/configfiles/nat | 10 ++ Shorewall6/manpages/shorewall6-nat.xml | 154 +++++++++++++++++++++++++ 2 files changed, 164 insertions(+) create mode 100644 Shorewall6/configfiles/nat create mode 100644 Shorewall6/manpages/shorewall6-nat.xml diff --git a/Shorewall6/configfiles/nat b/Shorewall6/configfiles/nat new file mode 100644 index 000000000..6a4a65d89 --- /dev/null +++ b/Shorewall6/configfiles/nat @@ -0,0 +1,10 @@ +# +# Shorewall version 4 - Nat File +# +# For information about entries in this file, type "man shorewall-nat" +# +# For additional information, see http://shorewall.net/NAT.htm +# +############################################################################### +#EXTERNAL INTERFACE INTERNAL ALL LOCAL +# INTERFACES diff --git a/Shorewall6/manpages/shorewall6-nat.xml b/Shorewall6/manpages/shorewall6-nat.xml new file mode 100644 index 000000000..0ab6e4bf0 --- /dev/null +++ b/Shorewall6/manpages/shorewall6-nat.xml 
@@ -0,0 +1,154 @@ + + + + + shorewall6-nat + + 5 + + Configuration Files + + + + nat + + Shorewall6 one-to-one NAT file + + + + + /etc/shorewall6/nat + + + + + Description + + This file is used to define one-to-one Network Address Translation + (NAT). + + + If all you want to do is simple port forwarding, do NOT use this + file. See http://www.shorewall.net/FAQ.htm#faq1. Also, + in many cases, Proxy ARP (shorewall-proxyarp(5)) + is a better solution that one-to-one NAT. + + + The columns in the file are as follows (where the column name is + followed by a different name in parentheses, the different name is used in + the alternate specification syntax). + + + + EXTERNAL - + {address|[?]COMMENT} + + + External IP Address - this should NOT be the primary IP + address of the interface named in the next column and must not be a + DNS Name. + + If you put COMMENT in this column, the rest of the line will + be attached as a comment to the Netfilter rule(s) generated by the + following entries in the file. The comment will appear delimited by + "/* ... */" in the output of "shorewall show nat" + + To stop the comment from being attached to further rules, + simply include COMMENT on a line by itself. + + + Beginning with Shorewall 4.5.11, ?COMMENT is a synonym for + COMMENT and is preferred. + + + + + + INTERFACE - + interfacelist[:[digit]] + + + Interfaces that have the EXTERNAL address. If ADD_IP_ALIASES=Yes in + shorewall6.conf(5), + Shorewall will automatically add the EXTERNAL address to this + interface. Also if ADD_IP_ALIASES=Yes, you may follow the interface + name with ":" and a digit to indicate that you + want Shorewall to add the alias with this name (e.g., "eth0:0"). + That allows you to see the alias with ifconfig. That is the only thing that this name is good for -- you + cannot use it anywhere else in your Shorewall configuration. + + + Each interface must match an entry in shorewall6-interfaces(5). 
+ Shorewall allows loose matches to wildcard entries in shorewall6-interfaces(5). + For example, ppp0 in this + file will match a shorewall-interfaces(5) + entry that defines ppp+. + + If you want to override ADD_IP_ALIASES=Yes for a particular + entry, follow the interface name with ":" and no digit (e.g., + "eth0:"). + + + + + INTERNAL - + address + + + Internal Address (must not be a DNS Name). + + + + + ALL INTERFACES (allints) - + [Yes|No] + + + If Yes or yes, NAT will be effective from all hosts. If No or + no (or left empty) then NAT will be effective only through the + interface named in the INTERFACE + column. + + + + + LOCAL - [Yes|No] + + + If Yes or yes, NAT will be effective from the firewall + system + + + + + + + FILES + + /etc/shorewall6/nat + + + + See ALSO + + http://www.shorewall.net/NAT.htm + + http://www.shorewall.net/configuration_file_basics.htm#Pairs + +
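Review bot: The header comment of the new Shorewall6/configfiles/nat tells the reader to type "man shorewall-nat", but the manpage added by this same patch is shorewall6-nat. Change the comment to "man shorewall6-nat" so the file points at the page that documents it. The column banner is also worth checking against the manpage: the file labels the second column INTERFACE, while the manpage gives its value as interfacelist, so state in one of the two places whether more than one interface is accepted.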
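Review bot: Several references in Shorewall6/manpages/shorewall6-nat.xml still use the IPv4 names: the COMMENT paragraph under EXTERNAL cites "shorewall show nat", the warning in the Description cites shorewall-proxyarp(5), and the ppp0 example under INTERFACE cites shorewall-interfaces(5) immediately after two shorewall6-interfaces(5) references. Use the shorewall6 forms throughout, and confirm that a Proxy ARP pointer belongs in an IPv6 manpage at all, since ARP is an IPv4 mechanism. The LOCAL entry says only what Yes does ("NAT will be effective from the firewall system") and, unlike the ALL INTERFACES entry, does not say what No or an empty column means; document the default so an administrator can tell how far the translation reaches. Smaller points: "a better solution that one-to-one NAT" should read "than", the LOCAL sentence has no closing full stop, and the "See ALSO" title is capitalised inconsistently next to "FILES".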