'\" t
.\" Title: shorewall-nat
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2
.\" Date: 06/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
.TH "SHOREWALL\-NAT" "5" "06/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
nat \- Shorewall one\-to\-one NAT file
.SH "SYNOPSIS"
.HP \w'\fB/etc/shorewall/nat\fR\ 'u
\fB/etc/shorewall/nat\fR
.SH "DESCRIPTION"
.PP
This file is used to define one\-to\-one Network Address Translation (NAT)\&.
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBWarning\fR
.ps -1
.br
.PP
If all you want to do is simple port forwarding, do NOT use this file\&. See \m[blue]\fBhttp://www\&.shorewall\&.net/FAQ\&.htm#faq1\fR\m[]\&\s-2\u[1]\d\s+2\&. Also, in many cases, Proxy ARP (\m[blue]\fBshorewall\-proxyarp\fR\m[]\&\s-2\u[2]\d\s+2(5)) is a better solution than one\-to\-one NAT\&.
.sp .5v
.RE
.PP
The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax)\&.
.PP
\fBEXTERNAL\fR \- {\fIaddress\fR|COMMENT}
.RS 4
External IP Address \- this should NOT be the primary IP address of the interface named in the next column and must not be a DNS Name\&.
.sp
If you put COMMENT in this column, the rest of the line will be attached as a comment to the Netfilter rule(s) generated by the following entries in the file\&. The comment will appear delimited by "/* \&.\&.\&. */" in the output of "shorewall show nat"\&.
.sp
To stop the comment from being attached to further rules, simply include COMMENT on a line by itself\&.
.RE
.PP
\fBINTERFACE\fR \- \fIinterfacelist\fR[\fB:\fR[\fIdigit\fR]]
.RS 4
Interfaces that have the \fBEXTERNAL\fR address\&. If ADD_IP_ALIASES=Yes in \m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5), Shorewall will automatically add the EXTERNAL address to this interface\&. Also if ADD_IP_ALIASES=Yes, you may follow the interface name with ":" and a \fIdigit\fR to indicate that you want Shorewall to add the alias with this name (e\&.g\&., "eth0:0")\&. That allows you to see the alias with ifconfig\&. \fBThat is the only thing that this name is good for \-\- you cannot use it anywhere else in your Shorewall configuration\&. \fR
.sp
Each interface must match an entry in \m[blue]\fBshorewall\-interfaces\fR\m[]\&\s-2\u[4]\d\s+2(5)\&. Shorewall allows loose matches to wildcard entries in \m[blue]\fBshorewall\-interfaces\fR\m[]\&\s-2\u[4]\d\s+2(5)\&. For example, ppp0 in this file will match a \m[blue]\fBshorewall\-interfaces\fR\m[]\&\s-2\u[4]\d\s+2(5) entry that defines ppp+\&.
.sp
If you want to override ADD_IP_ALIASES=Yes for a particular entry, follow the interface name with ":" and no digit (e\&.g\&., "eth0:")\&.
.RE
.PP
\fBINTERNAL\fR \- \fIaddress\fR
.RS 4
Internal Address (must not be a DNS Name)\&.
.RE
.PP
\fBALL INTERFACES\fR (allints) \- [\fBYes\fR|\fBNo\fR]
.RS 4
If Yes or yes, NAT will be effective from all hosts\&. If No or no (or left empty) then NAT will be effective only through the interface named in the \fBINTERFACE\fR column\&.
.RE
.PP
\fBLOCAL\fR \- [\fBYes\fR|\fBNo\fR]
.RS 4
If \fBYes\fR or \fByes\fR, NAT will be effective from the firewall system\&.
.RE
.SH "FILES"
.PP
/etc/shorewall/nat
.SH "SEE ALSO"
.PP
\m[blue]\fBhttp://shorewall\&.net/NAT\&.htm\fR\m[]
.PP
\m[blue]\fBhttp://shorewall\&.net/configuration_file_basics\&.htm#Pairs\fR\m[]
.PP
shorewall(8), shorewall\-accounting(5), shorewall\-actions(5), shorewall\-blacklist(5), shorewall\-hosts(5), shorewall\-interfaces(5), shorewall\-ipsets(5), shorewall\-maclist(5), shorewall\-masq(5), shorewall\-netmap(5), shorewall\-params(5), shorewall\-policy(5), shorewall\-providers(5), shorewall\-proxyarp(5), shorewall\-rtrules(5), shorewall\-routestopped(5), shorewall\-rules(5), shorewall\&.conf(5), shorewall\-secmarks(5), shorewall\-tcclasses(5), shorewall\-tcdevices(5), shorewall\-tcrules(5), shorewall\-tos(5), shorewall\-tunnels(5), shorewall\-zones(5)
.SH "NOTES"
.IP " 1." 4
http://www.shorewall.net/FAQ.htm#faq1
.RS 4
\%http://www.shorewall.net/manpages/../FAQ.htm#faq1
.RE
.IP " 2." 4
shorewall-proxyarp
.RS 4
\%http://www.shorewall.net/manpages/shorewall-proxyarp.html
.RE
.IP " 3." 4
shorewall.conf
.RS 4
\%http://www.shorewall.net/manpages/shorewall.conf.html
.RE
.IP " 4." 4
shorewall-interfaces
.RS 4
\%http://www.shorewall.net/manpages/shorewall-interfaces.html
.RE
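.PP
The column rules described above, applied as a pre-deployment check over a nat file: this is an added example, not part of Shorewall or of the original manual page, and it flags DNS names in EXTERNAL or INTERNAL, malformed interface suffixes, invalid Yes/No values, and entries that widen NAT through ALL INTERFACES or LOCAL. The names lint_nat, is_ip and SAMPLE are hypothetical; treating "-" as an empty-column placeholder, treating "#" as a comment marker, and accepting any run of digits as the alias suffix are assumptions.

```python
import ipaddress

YES_NO = ("Yes", "yes", "No", "no", "-")  # "-" as empty-column placeholder: assumption

# Constructed sample nat file (documentation and private address ranges).
SAMPLE = """#EXTERNAL       INTERFACE  INTERNAL      ALLINTS  LOCAL
COMMENT mail server
203.0.113.10    eth0:0     192.168.1.10  No       No
COMMENT
www.example.com eth0       192.168.1.11
203.0.113.12    eth0:      192.168.1.12  Yes      Yes
203.0.113.13    eth0:x     192.168.1.13  maybe
"""

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def lint_nat(text):
    """Return (line_number, message) findings for the body of a nat file."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()  # drop '#' comments, split columns
        if not cols or cols[0] == "COMMENT":  # blank line or rule-comment line
            continue
        if len(cols) < 3:
            findings.append((num, "EXTERNAL, INTERFACE and INTERNAL are required"))
            continue
        external, iface, internal, allints, local = (cols + ["-", "-"])[:5]
        if not is_ip(external):
            findings.append((num, "EXTERNAL must be an IP address, not a DNS name"))
        if not is_ip(internal):
            findings.append((num, "INTERNAL must be an IP address, not a DNS name"))
        name, _, suffix = iface.partition(":")  # interfacelist[:[digit]]
        if not name or (suffix and not suffix.isdigit()):
            findings.append((num, "INTERFACE suffix must be ':' or ':digit'"))
        for column, value, effect in (
            ("ALL INTERFACES", allints, "NAT is effective from all hosts"),
            ("LOCAL", local, "NAT is effective from the firewall system"),
        ):
            if value not in YES_NO:
                findings.append((num, column + " must be Yes or No"))
            elif value.lower() == "yes":
                findings.append((num, "review: " + column + "=Yes, " + effect))
    return findings

if __name__ == "__main__":
    for num, message in lint_nat(SAMPLE):
        print("line %d: %s" % (num, message))
```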