Mar 10, 2016

If you want the rule to be applied before one-to-one NAT rules, prefix the interface name with "+": +eth0 +eth0:192.0.2.32/27 +eth0:2 This feature should only be required if you need to insert rules in this file that preempt entries in shorewall-nat[7](5). shorewall-snat: Shorewall SNAT/Masquerade definition file Normally Masq/SNAT rules are evaluated after those for one-to-one NAT (defined in m[blue]shorewall-natm[][7](5)). If you want the rule to be applied before one-to-one NAT rules, follow the action name with "+": This feature should only be required if you need to insert rules in this file that preempt entries in m[blue]shorewall-natm[][7](5). Shoreline Firewall (Shorewall) / List shorewall-users Archives I have indicated the > applicable shorewall configuration files that are in effect and the > order I beleive they are processed. > net -> [nat] -> [rules] -> crg > -> [rules] -> server > > Where: > [nat] = /etc/shorewall/nat - Static Nat Translation > [rule] = /etc/shorewall/rule - routing rules > > The desired configuration is: > net -> [nat

Source NAT (sNAT) All NAT one-to-one configurations are stored in networks db. During template-expanding phase, the associated host is mapping with referenced IP and added in shorewall nat configuration. The file is /etc/shorewall/nat. More information are available here:

Jan 07, 2015

How To Set Up Shorewall (Shoreline) 4.0 Firewall On CentOS 5.1

If you want the rule to be applied before one-to-one NAT rules, prefix the interface name with "+": +eth0 +eth0:192.0.2.32/27 +eth0:2 This feature should only be required if you need to insert rules in this file that preempt entries in shorewall-nat[7](5). shorewall-snat: Shorewall SNAT/Masquerade definition file