Olav Vitters wrote:

> On Fri, May 11, 2012 at 12:44:16PM +0100, Timothy Murphy wrote:
>> I couldn't find a clear account of the effect of the line
>> anywhere in the shorewall documentation.
>
> Add it, apply the changes and run the following as root:
> iptables -t nat -L -n
>
> That'll tell you what it does.

I did do that:
----------------------------------
[tim@grover two-interfaces]$ sudo iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
dnat       all  --  0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
eth0_masq  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain dnat (1 references)
target     prot opt source               destination
net_dnat   all  --  0.0.0.0/0            0.0.0.0/0

Chain eth0_masq (1 references)
target     prot opt source               destination
MASQUERADE all  --  192.168.2.0/24       0.0.0.0/0
----------------------------------
I don't find this very clear.
I take it that it supports what I said, namely
==================================
-------------------------------
I have the lines
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 eth1
in /etc/shorewall/masq on my server.
-------------------------------

My question is: what exactly is the effect of this?
Does IP masquerading by default only apply
to the firewall server to modem interface (eth0 in my case)?
And does the above line mean that it will also be applied
to packets reaching the firewall server on the eth1 LAN?
==================================

If I was right, wouldn't it have been simpler just to say,
"Yes, you are right"?

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin