<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<refentry>
<refmeta>
<refentrytitle>shorewall-netmap</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv>
<refname>netmap</refname>
<refpurpose>Shorewall NETMAP definition file</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>/etc/shorewall/netmap</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>This file is used to map addresses in one network to corresponding
addresses in a second network.</para>
<warning>
<para>To use this file, your kernel and iptables must have NETMAP
support included.</para>
</warning>
<para>The columns in the file are as follows.</para>
<variablelist>
<varlistentry>
<term><emphasis role="bold">TYPE</emphasis> - <emphasis
role="bold">DNAT</emphasis>|<emphasis
role="bold">SNAT</emphasis></term>
<listitem>
<para>Must be DNAT or SNAT.</para>
<para>If DNAT, traffic entering INTERFACE and addressed to NET1 has
its destination address rewritten to the corresponding address in
NET2.</para>
<para>If SNAT, traffic leaving INTERFACE with a source address in
NET1 has it's source address rewritten to the corresponding address
in NET2.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">NET1</emphasis> -
<emphasis>network-address</emphasis></term>
<listitem>
<para>Network in CIDR format (e.g., 192.168.1.0/24).</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">INTERFACE</emphasis> -
<emphasis>interface</emphasis></term>
<listitem>
<para>The name of a network interface. The interface must be defined
in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5).
Shorewall allows loose matches to wildcard entries in <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5). For
example, <filename class="devicefile">ppp0</filename> in this file
will match a <ulink
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(8)
entry that defines <filename
class="devicefile">ppp+</filename>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">NET2</emphasis> -
<emphasis>network-address</emphasis></term>
<listitem>
<para>Network in CIDR format</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">NET3 (Optional)</emphasis> -
<emphasis>network-address</emphasis></term>
<listitem>
<para>Added in Shorewall 4.4.11. If specified, qualifies INTERFACE.
It specifies a SOURCE network for DNAT rules and a DESTINATON
network for SNAT rules.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FILES</title>
<para>/etc/shorewall/netmap</para>
</refsect1>
<refsect1>
<title>See ALSO</title>
<para><ulink
url="http://shorewall.net/netmap.html">http://shorewall.net/netmap.html</ulink></para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),
shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
shorewall-proxyarp(5), shorewall-route_rules(5),
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
</refsect1>
</refentry>