Shorewall

Version 1.0

Static NAT


Static NAT is a way to make systems behind a firewall and configured with private IP addresses (those reserved for private use in RFC1918) appear to have public IP addresses.

The following figure represents a static NAT environment.

Static NAT can be used to make the systems with the 10.1.1.* addresses appear to be on the upper (130.252.100.*) subnet. If we assume that the interface to the upper subnet is eth0, then the following /etc/shorewall/NAT file would make the lower left-hand system appear to have IP address 130.252.100.18 and the right-hand one to have IP address 130.252.100.19.

ADDRESS INTERFACE EXTERNAL
10.1.1.2 eth0 130.252.100.18
10.1.1.3 eth0 130.252.100.19

Last updated 3/5/2001 - Tom Eastep