  1. #1

    Shorewall SNAT problem

    Running the latest Shorewall on Ubuntu 10.04 server.

    Got a Netopia router that serves internet to the 192.168 network. My shorewall's eth1 nic is on that network at

    My Shorewall's eth0 nic is I'm trying to route packets from the internet, through the Netopia, into Shorewall's 192 nic, and out the 10 nic to another machine on the 10 range (

    Got SNAT set up in masq like this:
    eth0: eth1

    I shouldn't need the addy. I've tried this with and without.

    When I ping from the Netopia, it gets replies. I can see with tcpdump that Shorewall is rewriting the source address from Netopia's 192 addy to Shorewall's

    But when I try to ping from the internet, Netopia forwards the packet with the original source address, and so does Shorewall.

    How can I tell Shorewall to rewrite it so the internal machine knows to send the packet back through Shorewall?

    Alternatively, anyone know why the Netopia is not rewriting it? I'm much less familiar with Netopia.

  2. #2


    Solved it. Told it to do the SNAT regardless of source ( and that did it.

    Don't see why, though. For some reason, I guess Shorewall thought the packet wasn't coming from eth1.

    If anybody knows why, I'd be interested.
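
Added example (not written by either poster, and not Shorewall's own code): a small model of how the SOURCE column of a masq entry selects packets, which bears on the question left open in #2. It assumes the behaviour described in the Shorewall masq documentation, where an interface name in SOURCE is expanded to the networks routed through that interface rather than meaning "packets arriving on that interface". All addresses and the routing table are constructed, and "any source" is modelled as 0.0.0.0/0.

```python
"""Model of how a masq entry's SOURCE column selects packets for SNAT."""
import ipaddress

# Constructed main routing table: (destination network, outgoing interface).
# All addresses are illustrative; the thread's real addresses are not shown.
ROUTES = [
    ("192.168.1.0/24", "eth1"),   # LAN served by the upstream router
    ("10.0.0.0/24", "eth0"),      # internal network
    ("0.0.0.0/0", "eth1"),        # default route via the upstream router
]

def source_networks(source):
    """Expand a SOURCE column into the networks the SNAT rule matches on.

    A literal network is used as given. An interface name becomes the
    networks routed through it; the default route is skipped (assumption
    of this model, matching Shorewall's "default route ignored" handling).
    """
    try:
        return [ipaddress.ip_network(source)]
    except ValueError:
        return [ipaddress.ip_network(net) for net, dev in ROUTES
                if dev == source and net != "0.0.0.0/0"]

def is_snatted(packet_src, source):
    """True if a packet with this source address matches the masq entry."""
    addr = ipaddress.ip_address(packet_src)
    return any(addr in net for net in source_networks(source))

if __name__ == "__main__":
    for label, src in [("router itself", "192.168.1.1"),
                       ("internet host", "203.0.113.7")]:
        for source in ("eth1", "0.0.0.0/0"):
            print(f"{label:14} src={src:12} SOURCE={source:10} "
                  f"SNAT={is_snatted(src, source)}")
```

In this model a ping from the router's own LAN address matches the expanded `eth1` source and is rewritten, while a forwarded packet that keeps its internet source address matches only once the source is widened to any address.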
