On 11/20/19 8:03 AM, Tom Eastep wrote: > On 11/20/19 12:41 AM, Benedict Simon Dcunha wrote: >> Dear All, >> >> >> >> I am using Shore wall for a long time and its working file . It >> connects to other department through our local ISP for our data >> connectivity with no access to internet >> >> Version 4.5.8 >> >> Os centos 5.9 64 Bit >> >> >> >> I am using a masq file as below for our network users to outside using >> the eth0 Ip which connects to the our gateway data router as below >> >> >> >> >> >> >> >> # For information about entries in this file, type "man shorewall-masq" >> >> ############################################################################### >> >> #INTERFACE SOURCE ADDRESS PROTO >> PORT(S) IPSEC MARK >> >> # >> >> eth0 172.16.0.0/16,\ >> >> 192.168.30.0/16,\ >> >> 91.198.134.0/24,\ >> >> 10.1.0.0/16,\ >> >> 10.2.1.0/24,\ >> >> 192.168.30.0/24,\ >> >> 192.168.144.0/24,\ >> >> 192.168.107.0/24 >> >> # >> >> >> >> This setup is working perfectly >> >> >> >> Now I have a new Server with the below >> >> >> >> Centos 7 >> >> Shorewall 5.1.10.2 >> >> >> >> Now the masq file is superseded by the snat file so I have the below >> SNAT file >> >> >> >> ACTION SOURCE >> DEST >> >> >> >> MASQUERADE 172.16.0.0/24 enp31s10f0 >> >> MASQUERADE 10.1.0.0/24 >> enp31s10f0 >> >> MASQUERADE 10.2.1.0/24 >> enp31s10f0 >> >> MASQUERADE 192.168.0.0/24 enp31s10f0 >> > Looks like the last one should be: > > MASQUERADE 192.168.0.0/16 enp31s10f0 > Note the /16 rather than /24.
-Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
