Hi,

I wonder if this is possible. On some commercial firewalls (PIX/Checkpoint)
you can masq (hide NAT) all outgoing traffic but then you can do exclusions
based on a certain source/destination combo:

i.e. what I want is (eth1 = DSL, eth0 = internal):
eth1:192.168.10.0/24 eth0!192.168.0.0/24
eth1 eth0
However, it dies with an error:
iptables v1.3.5: Unknown arg `--sport'
Try `iptables -h' or 'iptables --help' for more information.
   ERROR: Command "/sbin/iptables -t nat -A ppp0_masq -s 192.168.10.0/24
-d 192.168.0.0/24 --sport 53 -m policy --pol none --dir out -j" Failed


So what that will give me is: if the internal network 192.168.0.0/24 goes
to 192.168.10.0/24, masq will not happen; however, if it goes anywhere else
on the internet, masq will happen.

What I used to do on Checkpoint was set up hide NAT, but then in the
translation table I set a
192.168.0.0/24 192.168.10.0/24 original original

I am currently running Shorewall ver 3.2.4.

Any help would be appreciated.

Regards
Rabie
