snat help | [action ACTION] [CHAIN] [FILTER] to-addr NEW_SOURCE
ACTION := insert | append | delete
Overrides the default action defined in the file /etc/flex-fw/vars/base/action (usually append).
CHAIN := postrouting | chain IPTABLES_CHAIN
Iptables chain for adding new rules.
Default: postrouting
FILTER := [FROM] [TO] [proto PROTO]
NEW_SOURCE := [IPADDR[-IPADDR]][:PORT_NUMBER[-PORT_NUMBER]]
IPv4 address or IPv4 address and port
FROM := src IPADDR
Source part of filter (only IP address is allowed, no interface).
TO := [out-if IFACE] | dst IPADDR | to ZONE
Destination part of filter.
PROTO := any | { tcp [SOURCE_PORT] [DESTINATION_PORT] } | { udp [SOURCE_PORT] [DESTINATION_PORT] } | PROTO_NUMBER
Network protocol and some related info.
IFACE := any | INTERFACE_NAME
Network interface name. any is a synonym for +.
IPADDR := any | IPv4_ADDRESS
IPv4 host or network address. For example: 192.168.0.12, 192.168.0.0/16. any is a synonym for 0.0.0.0/0.
ZONE := name of zone described in the file /etc/flex-fw/zones/zonename
Each line of the zonename file contains an interface name and an IPv4 address, separated by spaces. See zones for details.
SOURCE_PORT := sport PORT | sports PORT,PORT,...
Source port(s) for TCP or UDP protocol.
DESTINATION_PORT := dport PORT | dports PORT,PORT,...
Destination port(s) for TCP or UDP protocol.
PORT := any | priv | unpriv | PORT_NUMBER | PORT_NUMBER:PORT_NUMBER
Port of TCP or UDP protocol. any is equal to 0:65535. priv is equal to 0:1023. unpriv is equal to 1024:65535.
PROTO_NUMBER := the numeric value specified in /etc/protocols.
Translate source IP and forward a few connections from LAN to Internet
snat to-addr $ipWan1 src $netLan1 out-if $ifWan1
allow forward in-if $ifLan1 src $netLan1 out-if $ifWan1 proto icmp
allow forward in-if $ifLan1 src $netLan1 out-if $ifWan1 proto tcp dports 22,25,80,110,143,443
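Added example, not part of flex-fw or of the original page: a shell sketch that checks NEW_SOURCE against the grammar above and prints the iptables rule a snat line is assumed to correspond to. The function names, the supported token subset and the mapping to `iptables -t nat ... -j SNAT --to-source` are assumptions; the sample addresses and interface name are constructed.

```shell
# Added illustration, not flex-fw code. Supported subset of the snat grammar:
# action, chain, src, dst, out-if, proto, sport, dport, to-addr.
expand_port() {  # PORT keywords from the reference above
    case "$1" in
        any) echo 0:65535 ;; priv) echo 0:1023 ;; unpriv) echo 1024:65535 ;;
        *) echo "$1" ;;
    esac
}
snat_to_iptables() {
    op=-A; chain=POSTROUTING; match=; proto=; target=
    while [ $# -gt 0 ]; do
        case "$1" in
            action)
                case "$2" in
                    insert) op=-I ;; append) op=-A ;; delete) op=-D ;;
                    *) echo "bad ACTION: $2" >&2; return 1 ;;
                esac; shift 2 ;;
            postrouting) chain=POSTROUTING; shift ;;
            chain) chain=$2; shift 2 ;;
            src|dst)  # any is a synonym for 0.0.0.0/0
                [ "$2" = any ] && v=0.0.0.0/0 || v=$2
                [ "$1" = src ] && f=-s || f=-d
                match="$match $f $v"; shift 2 ;;
            out-if)   # any is a synonym for +
                [ "$2" = any ] && v=+ || v=$2
                match="$match -o $v"; shift 2 ;;
            proto) proto=$2
                [ "$2" = any ] || match="$match -p $2"; shift 2 ;;
            sport|dport) match="$match --$1 $(expand_port "$2")"; shift 2 ;;
            to-addr) target=$2; shift 2 ;;
            *) echo "unsupported token: $1" >&2; return 1 ;;
        esac
    done
    ip='[0-9]{1,3}(\.[0-9]{1,3}){3}'; port='[0-9]{1,5}'
    # NEW_SOURCE := [IPADDR[-IPADDR]][:PORT_NUMBER[-PORT_NUMBER]], not empty
    [ -n "$target" ] && printf '%s\n' "$target" |
        grep -Eq "^($ip(-$ip)?)?(:$port(-$port)?)?\$" ||
        { echo "bad NEW_SOURCE: $target" >&2; return 1; }
    # iptables accepts a port in --to-source only together with a protocol match
    case "$target:$proto" in
        *:*:tcp|*:*:udp) ;;
        *:*:*) echo "port in NEW_SOURCE needs proto tcp or udp" >&2; return 1 ;;
    esac
    echo "iptables -t nat $op $chain$match -j SNAT --to-source $target"
}
# Constructed stand-ins for $ipWan1, $netLan1 and $ifWan1 in the example above
snat_to_iptables to-addr 203.0.113.10 src 192.168.0.0/16 out-if eth1
```

The function only prints the command, so the result can be reviewed before anything is loaded into the nat table.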
Copyright (C) 2014  Vitalii Druzhinin
aka VitalShell