Hi Tom,

I have seen that the snat file has been extended with the content of the (legacy) masq file.

leaftester# shorewall version
5.2.0.4
leaftester# cat snat
#
# Shorewall -- /etc/shorewall/snat
#
# For information about entries in this file, type "man shorewall-snat"
#
# See http://shorewall.net/manpages/shorewall-snat.html for more information
#
###########################################################################################################################################
#ACTION SOURCE DEST PROTO PORT IPSEC MARK USERSWITCH ORIGDEST PROBABILITY
MASQUERADE 192.168.1.0/24 eth0
#
# Rules generated from masq file /etc/shorewall/masq by Shorewall 5.1.9 - Sun Feb 11 18:25:38 UTC 2018
#
MASQUERADE eth1 eth0

This will, of course, work, but leaves the original content of the snat file which might interfere with some NAT rules, e.g.

leaftester# ip addr show dev eth1
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:fe:9e:eb brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.15/24 brd 192.168.56.255 scope global eth1
       valid_lft forever preferred_lft forever

This of course differs from the first MASQUERADE specification in that rule.

I _believe_ that if you rewrite the snat file from masq it should not contain any rules from the previous snat file as delivered with the product.

Thanks for your time
Erich

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
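
A check for the situation reported in the message above, added here as an example; it is not part of the original message and not Shorewall code. It flags snat rules that precede the "Rules generated from masq file" marker and whose SOURCE network matches no local interface network. The function names and the shortened sample file are assumptions made for illustration.

```python
import ipaddress
import re

# Marker comment left by the masq-to-snat conversion, as quoted in the message.
MARKER = re.compile(r"^#\s*Rules generated from masq file")

# Constructed sample: the snat rules quoted in the message, headers shortened.
SAMPLE_SNAT = """\
#ACTION SOURCE DEST PROTO PORT
MASQUERADE 192.168.1.0/24 eth0
#
# Rules generated from masq file /etc/shorewall/masq by Shorewall 5.1.9
#
MASQUERADE eth1 eth0
"""

def split_snat(text):
    """Split rules into (before_marker, after_marker, marker_seen)."""
    before, after, seen = [], [], False
    for line in text.splitlines():
        stripped = line.strip()
        if MARKER.match(stripped):
            seen = True
        elif stripped and not stripped.startswith("#"):
            cols = stripped.split("#", 1)[0].split()
            (after if seen else before).append(cols)
    return before, after, seen

def leftover_rules(text, local_addrs):
    """Pre-marker rules whose SOURCE network matches no local interface network."""
    nets = [ipaddress.ip_network(a, strict=False) for a in local_addrs]
    before, _, seen = split_snat(text)
    flagged = []
    for cols in before if seen else []:
        for src in cols[1].split(",") if len(cols) > 1 else []:
            try:
                src_net = ipaddress.ip_network(src, strict=False)
            except ValueError:
                continue  # SOURCE is an interface name or other non-address form
            if not any(src_net.overlaps(n) for n in nets):
                flagged.append(" ".join(cols))
                break
    return flagged

if __name__ == "__main__":
    # 192.168.56.15/24 is the eth1 address shown in the message.
    for rule in leftover_rules(SAMPLE_SNAT, ["192.168.56.15/24"]):
        print("review before reload:", rule)
```
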