'\" t
.\"     Title: shorewall6-nat
.\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\"      Date: 10/19/2014
.\"    Manual: Configuration Files
.\"    Source: Configuration Files
.\"  Language: English
.\"
.TH "SHOREWALL6\-NAT" "5" "10/19/2014" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
nat \- Shorewall6 one\-to\-one NAT file
.SH "SYNOPSIS"
.HP \w'\fB/etc/shorewall6/nat\fR\ 'u
\fB/etc/shorewall6/nat\fR
.SH "DESCRIPTION"
.PP
This file is used to define one\-to\-one Network Address Translation (NAT)\&.
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBWarning\fR
.ps -1
.br
.PP
If all you want to do is simple port forwarding, do NOT use this file\&. See
\m[blue]\fBhttp://www\&.shorewall\&.net/FAQ\&.htm#faq1\fR\m[]\&\s-2\u[1]\d\s+2\&.
.sp .5v
.RE
.PP
The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax)\&.
.PP
\fBEXTERNAL\fR \- {\fIaddress\fR|[?]COMMENT}
.RS 4
External IP Address \- this should NOT be the primary IP address of the interface named in the next column and must not be a DNS Name\&.
.sp
If you put COMMENT in this column, the rest of the line will be attached as a comment to the Netfilter rule(s) generated by the following entries in the file\&. The comment will appear delimited by "/* \&.\&.\&. */" in the output of "shorewall show nat"
.sp
To stop the comment from being attached to further rules, simply include COMMENT on a line by itself\&.
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
Beginning with Shorewall 4\&.5\&.11, ?COMMENT is a synonym for COMMENT and is preferred\&.
.sp .5v
.RE
.RE
.PP
\fBINTERFACE\fR \- \fIinterfacelist\fR[\fB:\fR[\fIdigit\fR]]
.RS 4
Interfaces that have the
\fBEXTERNAL\fR
address\&. If ADD_IP_ALIASES=Yes in
\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5), Shorewall will automatically add the EXTERNAL address to this interface\&. Also if ADD_IP_ALIASES=Yes, you may follow the interface name with ":" and a
\fIdigit\fR
to indicate that you want Shorewall to add the alias with this name (e\&.g\&., "eth0:0")\&. That allows you to see the alias with ifconfig\&.
\fBThat is the only thing that this name is good for \-\- you cannot use it anywhere else in your Shorewall configuration\&. \fR
.sp
Each interface must match an entry in
\m[blue]\fBshorewall6\-interfaces\fR\m[]\&\s-2\u[3]\d\s+2(5)\&. Shorewall allows loose matches to wildcard entries in
\m[blue]\fBshorewall6\-interfaces\fR\m[]\&\s-2\u[4]\d\s+2(5)\&. For example,
ppp0
in this file will match a
\m[blue]\fBshorewall6\-interfaces\fR\m[]\&\s-2\u[3]\d\s+2(5) entry that defines
ppp+\&.
.sp
If you want to override ADD_IP_ALIASES=Yes for a particular entry, follow the interface name with ":" and no digit (e\&.g\&., "eth0:")\&.
.RE
.PP
\fBINTERNAL\fR \- \fIaddress\fR
.RS 4
Internal Address (must not be a DNS Name)\&.
.RE
.PP
\fBALL INTERFACES\fR (allints) \- [\fBYes\fR|\fBNo\fR]
.RS 4
If Yes or yes, NAT will be effective from all hosts\&. If No or no (or left empty) then NAT will be effective only through the interface named in the
\fBINTERFACE\fR
column\&.
.RE
.PP
\fBLOCAL\fR \- [\fBYes\fR|\fBNo\fR]
.RS 4
If
\fBYes\fR
or
\fByes\fR, NAT will be effective from the firewall system
.RE
.SH "FILES"
.PP
/etc/shorewall6/nat
.SH "SEE ALSO"
.PP
\m[blue]\fBhttp://www\&.shorewall\&.net/NAT\&.htm\fR\m[]\&\s-2\u[5]\d\s+2
.PP
\m[blue]\fBhttp://www\&.shorewall\&.net/configuration_file_basics\&.htm#Pairs\fR\m[]\&\s-2\u[6]\d\s+2
.SH "NOTES"
.IP " 1." 4
http://www.shorewall.net/FAQ.htm#faq1
.RS 4
\%http://www.shorewall.net/FAQ.htm#faq1
.RE
.IP " 2." 4
shorewall6.conf
.RS 4
\%http://www.shorewall.net/manpages/shorewall.conf.html
.RE
.IP " 3." 4
shorewall6-interfaces
.RS 4
\%http://www.shorewall.net/manpages/shorewall6-interfaces.html
.RE
.IP " 4." 4
shorewall6-interfaces
.RS 4
\%http://www.shorewall.net/manpages/shorewall-interfaces.html
.RE
.IP " 5." 4
http://www.shorewall.net/NAT.htm
.RS 4
\%http://www.shorewall.net/NAT.htm
.RE
.IP " 6." 4
http://www.shorewall.net/configuration_file_basics.htm#Pairs
.RS 4
\%http://www.shorewall.net/configuration_file_basics.htm#Pairs
.RE