[Shorewall-users] NAT PAT & SNAT

Tom Eastep teastep at shorewall.net
Fri Jun 20 15:38:29 PDT 2003


On Fri, 2003-06-20 at 02:23, Jonas Anderson wrote:

> 
> The Cisco FW appears not to be configured using a DMZ since all the users
> and the servers co-exist on the same interface and NAT-network. I would have
> separated the servers from the users using two internal interfaces on the
> Shorewall box and then the use for a NAT-network on the DMZ (where the
> servers reside) would be obsolete. I could use the same public addresses as
> the PAT and SNAT have to fix in the Cisco FW setup. I would really really
> like to know how to setup the above anyway, for future use, so please
> enlighten me on this subject.

You can use both Static NAT and SNAT in the same zone as shown in the
setup guide that I referred you to earlier. The 'loc' zone in that guide
uses that technique as does my own local zone
(http://www.shorewall.net/myfiles.htm).

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep at shorewall.net



More information about the Shorewall-users mailing list