📄 shorewall-nat.5
字号:
.\" Title: shorewall-nat.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author].\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>.\" Date: 03/19/2009.\" Manual: [FIXME: manual].\" Source: [FIXME: source].\" Language: English.\".TH "SHOREWALL\-NAT" "5" "03/19/2009" "[FIXME: source]" "[FIXME: manual]".\" -----------------------------------------------------------------.\" * (re)Define some macros.\" -----------------------------------------------------------------.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.\" toupper - uppercase a string (locale-aware).\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.de toupper.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ\\$*.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz...\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.\" SH-xref - format a cross-reference to an SH section.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.de SH-xref.ie n \{\.\}.toupper \\$*.el \{\\\$*.\}...\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.\" SH - level-one heading that works better for non-TTY output.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.de1 SH.\" put an extra blank line of space above the head in non-TTY output.if t \{\.sp 1.\}.sp \\n[PD]u.nr an-level 1.set-an-margin.nr an-prevailing-indent \\n[IN].fi.in \\n[an-margin]u.ti 0.HTML-TAG ".NH \\n[an-level]".it 1 an-trap.nr an-no-space-flag 1.nr an-break-flag 1\." make the size of the head bigger.ps +3.ft B.ne (2v + 1u).ie n \{\.\" if n (TTY output), use uppercase.toupper \\$*.\}.el \{\.nr an-break-flag 0.\" if not n (not TTY), use normal case (not uppercase)\\$1.in \\n[an-margin]u.ti 0.\" if not n (not TTY), put a border/line under subheading.sp -.6\l'\n(.lu'.\}...\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.\" SS - level-two heading that works better for non-TTY output.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.de1 SS.sp \\n[PD]u.nr an-level 1.set-an-margin.nr an-prevailing-indent \\n[IN].fi.in \\n[IN]u.ti \\n[SN]u.it 1 an-trap.nr an-no-space-flag 1.nr an-break-flag 1.ps \\n[PS-SS]u\." make the size of the head bigger.ps +2.ft B.ne (2v + 1u).if \\n[.$] \&\\$*...\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.\" BB/BE - put background/screen (filled box) around block of text.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.de BB.if t \{\.sp -.5.br.in +2n.ll -2n.gcolor red.di BX.\}...de EB.if t \{\.if "\\$2"adjust-for-leading-newline" \{\.sp -1.\}.br.di.in.ll.gcolor.nr BW \\n(.lu-\\n(.i.nr BH \\n(dn+.5v.ne \\n(BHu+.5v.ie "\\$2"adjust-for-leading-newline" \{\\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[].\}.el \{\\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[].\}.in 0.sp -.5v.nf.BX.in.sp .5v.fi.\}...\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.\" BM/EM - put colored marker in margin next to block of text.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.de BM.if t \{\.br.ll -2n.gcolor red.di BX.\}...de EM.if t \{\.br.di.ll.gcolor.nr BH \\n(dn.ne \\n(BHu\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[].in 0.nf.BX.in.fi.\}...\" -----------------------------------------------------------------.\" * set default formatting.\" -----------------------------------------------------------------.\" disable hyphenation.nh.\" disable justification (adjust text to left margin only).ad l.\" -----------------------------------------------------------------.\" * MAIN CONTENT STARTS HERE *.\" -----------------------------------------------------------------.SH "Name"nat \- Shorewall one\-to\-one NAT file.SH "Synopsis".fam C.HP \w'\fB/etc/shorewall/nat\fR\ 'u\fB/etc/shorewall/nat\fR.fam.SH "Description".PPThis file is used to define one\-to\-one Network Address Translation (NAT)\&..if n \{\.sp.\}.RS 4.BM yellow.it 1 an-trap.nr an-no-space-flag 1.nr an-break-flag 1.br.ps +1\fBWarning\fR.ps -1.br.PPIf all you want to do is simple port forwarding, do NOT use this file\&. See\m[blue]\fBhttp://www\&.shorewall\&.net/FAQ\&.htm#faq1\fR\m[]\&\s-2\u[1]\d\s+2\&. Also, in many cases, Proxy ARP (\m[blue]\fBshorewall\-proxyarp\fR\m[]\&\s-2\u[2]\d\s+2(5)) is a better solution that one\-to\-one NAT\&..sp .5v.EM yellow.RE.PPThe columns in the file are as follows\&..PP\fBEXTERNAL\fR \- \fIaddress\fR.RS 4External IP Address \- this should NOT be the primary IP address of the interface named in the next column and must not be a DNS Name\&..spIf you put COMMENT in this column, the rest of the line will be attached as a comment to the Netfilter rule(s) generated by the following entries in the file\&. The comment will appear delimited by "/* \&.\&.\&. */" in the output of "shorewall show nat".spTo stop the comment from being attached to further rules, simply include COMMENT on a line by itself\&..RE.PP\fBINTERFACE\fR \- \fIinterfacelist\fR[\fB:\fR[\fIdigit\fR]].RS 4Interfacees that have the\fBEXTERNAL\fRaddress\&. If ADD_IP_ALIASES=Yes in\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5), Shorewall will automatically add the EXTERNAL address to this interface\&. Also if ADD_IP_ALIASES=Yes, you may follow the interface name with ":" and a\fIdigit\fRto indicate that you want Shorewall to add the alias with this name (e\&.g\&., "eth0:0")\&. That allows you to see the alias with ifconfig\&.\fBThat is the only thing that this name is good for \-\- you cannot use it anwhere else in your Shorewall configuration\&. \fR.spEach interface must match an entry in\m[blue]\fBshorewall\-interfaces\fR\m[]\&\s-2\u[4]\d\s+2(5)\&. Prior to Shorewall 4\&.1\&.4, this must be an exact match\&. Shorewall\-perl 4\&.1\&.4 and later allow loose matches to wildcard entries in\m[blue]\fBshorewall\-interfaces\fR\m[]\&\s-2\u[4]\d\s+2(5)\&. For example,\FCppp0\F[]in this file will match a\m[blue]\fBshorewall\-interfaces\fR\m[]\&\s-2\u[4]\d\s+2(5) entry that defines\FCppp+\F[]\&..spPrior to Shorewall 4\&.1\&.4,\fIinterfacelist\fRmust be a single interface name\&. Beginning with Shorewall\-perl 4\&.1\&.4, Shorewall\-perl users may specify a comma\-separated list of interfaces\&..spIf you want to override ADD_IP_ALIASES=Yes for a particular entry, follow the interface name with ":" and no digit (e\&.g\&., "eth0:")\&..RE.PP\fBINTERNAL\fR \- \fIaddress\fR.RS 4Internal Address (must not be a DNS Name)\&..RE.PP\fBALL INTERFACES\fR \- [\fBYes\fR|\fBNo\fR].RS 4If Yes or yes, NAT will be effective from all hosts\&. If No or no (or left empty) then NAT will be effective only through the interface named in the\fBINTERFACE\fRcolumn\&..RE.PP\fBLOCAL\fR \- [\fBYes\fR|\fBNo\fR].RS 4If\fBYes\fRor\fByes\fR, NAT will be effective from the firewall system.RE.SH "FILES".PP/etc/shorewall/nat.SH "See ALSO".PP\m[blue]\fBhttp://shorewall\&.net/NAT\&.htm\fR\m[].PPshorewall(8), shorewall\-accounting(5), shorewall\-actions(5), shorewall\-blacklist(5), shorewall\-hosts(5), shorewall\-interfaces(5), shorewall\-maclist(5), shorewall\-masq(5), shorewall\-netmap(5), shorewall\-params(5), shorewall\-policy(5), shorewall\-providers(5), shorewall\-proxyarp(5), shorewall\-route_rules(5), shorewall\-routestopped(5), shorewall\-rules(5), shorewall\&.conf(5), shorewall\-tcclasses(5), shorewall\-tcdevices(5), shorewall\-tcrules(5), shorewall\-tos(5), shorewall\-tunnels(5), shorewall\-zones(5).SH "Notes".IP " 1." 4http://www.shorewall.net/FAQ.htm#faq1.RS 4\%http://www.shorewall.net/FAQ.htm#faq1.RE.IP " 2." 4shorewall-proxyarp.RS 4\%http://www.shorewall.net/manpages/shorewall-proxyarp.html.RE.IP " 3." 4shorewall.conf.RS 4\%http://www.shorewall.net/manpages/shorewall.conf.html.RE.IP " 4." 4shorewall-interfaces.RS 4\%http://www.shorewall.net/manpages/shorewall-interfaces.html.RE⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -