<?xml version="1.0" encoding="UTF-8"?>
<refentry>
  <refmeta>
    <refentrytitle>shorewall-netmap</refentrytitle>

    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>netmap</refname>

    <refpurpose>Shorewall NETMAP definition file</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>/etc/shorewall/netmap</command>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>This file is used to map addresses in one network to corresponding
    addresses in a second network.</para>

    <warning>
      <para>To use this file, your kernel and iptables must have NETMAP
      support included.</para>
    </warning>

    <para>The columns in the file are as follows.</para>

    <variablelist>
      <varlistentry>
        <term><emphasis role="bold">TYPE</emphasis> - <emphasis
        role="bold">DNAT</emphasis>|<emphasis
        role="bold">SNAT</emphasis></term>

        <listitem>
          <para>Must be DNAT or SNAT.</para>

          <para>If DNAT, traffic entering INTERFACE and addressed to NET1 has
          it's destination address rewritten to the corresponding address in
          NET2.</para>

          <para>If SNAT, traffic leaving INTERFACE with a source address in
          NET1 has it's source address rewritten to the corresponding address
          in NET2.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><emphasis role="bold">NET1</emphasis> -
        <emphasis>network-address</emphasis></term>

        <listitem>
          <para>Network in CIDR format (e.g., 192.168.1.0/24).</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><emphasis role="bold">INTERFACE</emphasis> -
        <emphasis>interface</emphasis></term>

        <listitem>
          <para>The name of a network interface. The interface must be defined
          in <ulink
          url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5)
          Prior to Shorewall 4.1.4, this must be an exact match.
          Shorewall-perl 4.1.4 and later allow loose matches to wildcard
          entries in <ulink
          url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5). For
          example, <filename class="devicefile">ppp0</filename> in this file
          will match a <ulink
          url="shorewall-interfaces.html">shorewall-interfaces</ulink>(8)
          entry that defines <filename
          class="devicefile">ppp+</filename>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><emphasis role="bold">NET2</emphasis> -
        <emphasis>network-address</emphasis></term>

        <listitem>
          <para>Network in CIDR format</para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>FILES</title>

    <para>/etc/shorewall/netmap</para>
  </refsect1>

  <refsect1>
    <title>See ALSO</title>

    <para><ulink
    url="http://shorewall.net/netmap.html">http://shorewall.net/netmap.html</ulink></para>

    <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
    shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
    shorewall-nat(5), shorewall-params(5), shorewall-policy(5),
    shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5),
    shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
    shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
    shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
  </refsect1>
</refentry>