shorewall-netmap
5
netmap
Shorewall NETMAP definition file
/etc/shorewall/netmap
Description
This file is used to map addresses in one network to corresponding
addresses in a second network.
To use this file, your kernel and iptables must have NETMAP
support included.
The columns in the file are as follows.
TYPE - {DNAT|SNAT}[:{P|O|T}]
Must be DNAT or SNAT; beginning with Shorewall 4.4.23, may be
optionally followed by :P, :O or :T to perform stateless
NAT. Stateless NAT requires Rawpost Table
support in your kernel and iptables (see the output of
shorewall show capabilities).
If DNAT or DNAT:P, traffic entering INTERFACE and addressed to
NET1 has its destination address rewritten to the corresponding
address in NET2.
If SNAT or SNAT:T, traffic leaving INTERFACE with a source
address in NET1 has its source address rewritten to the
corresponding address in NET2.
If DNAT:O, traffic originating on the firewall and leaving via
INTERFACE and addressed to NET1 has its destination address
rewritten to the corresponding address in NET2.
If DNAT:P, traffic entering via INTERFACE and addressed to
NET1 has its destination address rewritten to the corresponding
address in NET2.
If SNAT:T, traffic leaving via INTERFACE with a source address
in NET1 has its source address rewritten to the corresponding
address in NET2.
If SNAT:O, traffic originating on the firewall and leaving via
INTERFACE with a source address in NET1 has its source address
rewritten to the corresponding address in NET2.
NET1 - network-address
Network in CIDR format (e.g., 192.168.1.0/24).
INTERFACE - interface
The name of a network interface. The interface must be defined
in shorewall-interfaces(5).
Shorewall allows loose matches to wildcard entries in
shorewall-interfaces(5). For example, ppp0 in this file will match a
shorewall-interfaces(5) entry that defines ppp+.
NET2 - network-address
Network in CIDR format.
NET3 (Optional) - network-address
Added in Shorewall 4.4.11. If specified, qualifies INTERFACE.
It specifies a SOURCE network for DNAT rules and a DESTINATION
network for SNAT rules.
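The column rules above, as an added example that is not part of the Shorewall documentation or code: a small checker that parses netmap entries and computes the rewrite for a given packet. Assumptions: "corresponding address" means the host bits are kept and only the network prefix is swapped (as the iptables NETMAP target does), NET1 and NET2 must have equal prefix lengths, and the entering/leaving/firewall-originated distinction is not modelled; all names and sample entries are hypothetical.

```python
import ipaddress

# TYPE values whose behaviour the man page describes.
TYPES = {"DNAT", "DNAT:P", "DNAT:O", "SNAT", "SNAT:T", "SNAT:O"}

def parse_entry(line):
    """Parse one netmap line into a dict; return None for blank/comment lines."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    if not 4 <= len(fields) <= 5:
        raise ValueError(f"expected 4 or 5 columns, got {len(fields)}")
    kind, net1, iface, net2 = fields[:4]
    if kind not in TYPES:
        raise ValueError(f"bad TYPE {kind!r}")
    # strict=True rejects addresses with host bits set, e.g. 192.168.1.5/24
    net1 = ipaddress.ip_network(net1, strict=True)
    net2 = ipaddress.ip_network(net2, strict=True)
    if net1.prefixlen != net2.prefixlen:
        # Assumption of this example: 1:1 mapping needs equal-sized networks.
        raise ValueError("NET1 and NET2 prefix lengths differ")
    net3 = ipaddress.ip_network(fields[4], strict=True) if len(fields) == 5 else None
    return {"type": kind, "net1": net1, "iface": iface, "net2": net2, "net3": net3}

def corresponding(addr, net1, net2):
    """Keep the host bits of addr, swap the NET1 prefix for the NET2 prefix."""
    host_bits = int(addr) & int(net1.hostmask)
    return ipaddress.ip_address(int(net2.network_address) | host_bits)

def translate(entry, iface, src, dst):
    """Return (src, dst) after applying entry to a packet on iface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    is_dnat = entry["type"].startswith("DNAT")
    matched, other = (dst, src) if is_dnat else (src, dst)
    if iface != entry["iface"] or matched not in entry["net1"]:
        return str(src), str(dst)
    # NET3 restricts the SOURCE for DNAT and the DESTINATION for SNAT.
    if entry["net3"] is not None and other not in entry["net3"]:
        return str(src), str(dst)
    new = corresponding(matched, entry["net1"], entry["net2"])
    return (str(src), str(new)) if is_dnat else (str(new), str(dst))

# Constructed sample entries (not from the Shorewall documentation).
SAMPLE = """
#TYPE  NET1            INTERFACE  NET2            NET3
DNAT   10.10.11.0/24   eth0       192.168.1.0/24
SNAT   192.168.1.0/24  eth0       10.10.11.0/24   10.10.10.0/24
"""
ENTRIES = [e for e in map(parse_entry, SAMPLE.splitlines()) if e]
```

Running a proposed netmap file through a check like this before `shorewall check` shows which packets each entry would rewrite and catches overlapping or mis-sized networks early.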
FILES
/etc/shorewall/netmap
SEE ALSO
http://shorewall.net/netmap.html
shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
shorewall-nat(5), shorewall-params(5), shorewall-policy(5),
shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5),
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
shorewall-zones(5)