Differences

This shows you the differences between two versions of the page.

--- doc:appunti:linux:sa:iptables [2020/06/15 09:59] – niccolo
+++ doc:appunti:linux:sa:iptables [2020/11/23 15:25] – [Shorewall and DNAT onto a local host] niccolo
@@ Line 47: / Line 47: @@
 </code>
-In ''**/etc/shorewall/masq**'':
+For Shorewall 5 we nedd a line in **/etc/shorewall/snat**:
+<code>
+#ACTION               SOURCE           DEST               PROTO  PORT
+SNAT(192.168.1.254)   192.168.1.0/24   eth0:192.168.1.5   tcp    www
+</code>
+Shorewall 4 instead requires a line in **/etc/shorewall/masq**:
 <code>
@@ Line 64: / Line 71: @@
 ===== Shorewall with router in local LAN =====
+Hosts in LAN#1 may access hosts in LAN#2 by just adding a static route to the **192.168.2.0/24 network** via the **192.168.1.10 gateway**, but it is very annoying to modify the routing table into several hosts.
 {{shorewall-router-in-lan.png?400|Shorewall with router in LAN}}
-Hosts in LAN#1 can access hosts in LAN#2 by just adding a route to the 192.168.2.0/24 FIXME
+You can instead make **two configurations** on the Shorewall firewall. First of all you add the static route into **/etc/network/interfaces**:
+<file>
+auto eth1
+iface eth1 inet static
+    address 192.168.1.1
+    netmask 255.255.255.0
+    up   /sbin/route add -net 192.168.2.0/24 gw 192.168.1.10 || true
+    down /sbin/route del -net 192.168.2.0/24 gw 192.168.1.10 || true
+</file>
+then you have to add the **routeback** option for the **eth1** interfaces in the **/etc/shorewall/interfaces** file:
+<file>
+loc    eth1    routeback
+</file>
 ===== Iptables schema =====