Re: [SLE] selective NAT possible?



On 30/03/06 10:50, Tathagata Banerjee wrote:
> Darryl Gregorash wrote:
>
>> These are sufficient to enable masquerading for all systems in your
>> internal network. To restrict which of those systems can actually access
>> the internet, you also need
>>
>> FW_MASQ_NETS set it equal to the desired net/mask, here 172.16.0.0/16.
>
> So suppose I want to do NAT only for 172.16.0.5 and 172.16.2.10, and
> block the rest of the network.
>
> Do I set the value of the FW_MASQ_NETS field to 172.16.0.5/32 and
> 172.16.2.10/32?
>
> Additionally, the gateway also serves the 192.168.0.0/24 network, on
> which there is no sharing restriction.
>
> So there are 3 network interfaces:
>
> o 1 external and connected to the internet
>
> o 1 internal with restrictions (172.16.0.0/16, on which I want to
> serve only 172.16.0.5 and 172.16.2.10)
>
> and
>
> o another internal with no restriction (192.168.0.0/24)
>
> Could you please give me the syntax of the FW_MASQ_NETS field that
> would fit the above scenario?

192.168.0.0/24 172.16.0.5 172.16.2.10

You will also enter both internal device IDs in FW_DEV_INT, e.g.
"eth-id-00:e0:4c:9f:61:9a eth-id-00:b4:e2:5a:43:81"

The descriptions of the variables in /etc/sysconfig/SuSEfirewall2 (which
is what you are editing in the sysconfig editor) really are quite
descriptive. Read carefully, and they will help you to figure out
exactly what you need to do.
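
Added example, not part of the original message and not SuSEfirewall2's own code: a small POSIX shell check that reports which source addresses the FW_MASQ_NETS value from the reply covers, useful for confirming a restrictive list before reloading the firewall. The function names and the sample hosts are assumptions made for illustration, and only the source field of each entry is evaluated.

```shell
#!/bin/sh
# Added example: check which source addresses an FW_MASQ_NETS value covers.
# Assumption: only the source field of each entry is evaluated.
FW_MASQ_NETS="192.168.0.0/24 172.16.0.5 172.16.2.10"   # value from the reply

# Print a dotted-quad IPv4 address as an integer; return 1 if malformed.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.|'') return 1 ;; esac
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 is inside any entry of list $2, 1 if not, 2 on bad input.
is_masqueraded() {
    _addr=$(ip_to_int "$1") || return 2
    for _entry in $2; do
        _src=${_entry%%,*}             # drop any ",destination,proto,port" part
        case "$_src" in
            */*) _bits=${_src#*/} ;;
            *)   _bits=32 ;;           # bare address means a single host
        esac
        case "$_bits" in ''|*[!0-9]*|???*|0?*) return 2 ;; esac
        [ "$_bits" -le 32 ] || return 2
        _base=$(ip_to_int "${_src%%/*}") || return 2
        _mask=0
        [ "$_bits" -eq 0 ] || _mask=$(( (0xFFFFFFFF << (32 - $_bits)) & 0xFFFFFFFF ))
        [ $(( $_addr & $_mask )) -eq $(( $_base & $_mask )) ] && return 0
    done
    return 1
}

# Constructed sample hosts: the two permitted 172.16 hosts, one other host on
# that network, and one host on the unrestricted 192.168.0.0/24 network.
for host in 172.16.0.5 172.16.2.10 172.16.0.6 192.168.0.77; do
    if is_masqueraded "$host" "$FW_MASQ_NETS"; then
        echo "$host: covered by FW_MASQ_NETS"
    else
        echo "$host: not covered by FW_MASQ_NETS"
    fi
done
```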
