So “behind the scenes” my config is getting “deleted”.
When I go to the Shorewall site I see that some changes have been recently made in how masq/snat is configured, so I’m wondering whether I’m doing something wrong or whether I need to use an older version of Shorewall, such as 4.6 or 5.0 to be compatible with Webmin… Thanks.
Support for the deprecated ‘masq’ file has been deleted. Any
existing ‘masq’ file will automatically be converted to the
equivalent ‘snat’ file.
This seems to be what I’m seeing in the earlier post. So it seems that maybe Webmin has not adjusted to the latest version. It also appears that 5.1.12.4 is the latest that might work. Per:
BTW, the latest version of shorewall installed on Debian by apt install shorewall is 5.2.8, which is the version that makes the file swap above.
I think I’ve found the source of my confusion. After I got the message that the files had been swapped, I clicked on the webmin icon for Static NAT (nat) which I assumed would open the /etc/shorewall/snat (even though now, I see I should have got the parenthetical clue) and the changes were not there (because I was actually viewing the /etc/shorewall/nat file). So I now see how I can edit the snat file using Masq but that just replaces the snat file with whatever I entered into the Masq input form, it does not provide a way for me to do small edits. I’m thinking that it would be handy to have the Masq input form reconfigured as an snat input form.
I have not yet tested the system to see if it is actually performing NAT on the interface. That is the problem I was working on when I stumbled onto this issue.
The masq file is appended to the snat file. So, you can add networks to the masq Webmin form, but you can’t remove them unless you sudo vi /etc/shorewall/snat and delete the entries manually.