On Sunday 30 January 2005 11:06, Jürgen Mell wrote:
So far - so good. But what I am missing now is the masquerading of the IP address of the computer on the internal network (it gets a dynamic IP from the private address range 192.168.x.y). In the firewall script I have disabled masquerading (FW_MASQUERADE="no") to prevent any packets going out without using the squid proxy. Is there any way to open direct connections from the internal network _only_ for destination ports 8000 to 8006 without opening everything else (file-sharing networks etc.)? What iptables commands do I need for this purpose? Is there any better way to get this wonderful piece of software to work?
Yes, and it isn't very complicated.
iptables -t nat -A POSTROUTING -o $EXT -p tcp \
    --dport 8000:8006 -j MASQUERADE
Or, if you have a static IP address on $EXT interface, you'll be better off with
iptables -t nat -A POSTROUTING -o $EXT -p tcp \
    --dport 8000:8006 -j SNAT --to-source <your static IP address>
This does not work here. I always get
iptables: No chain/target/match by that name
Now I have found it: the second command does the trick! If you have an interface with a static IP it seems that you _must_ use this form. Thank you again!
Jürgen
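Added example, not part of the original thread: a small check that reads `iptables-save -t nat` output and reports any POSTROUTING MASQUERADE or SNAT rule that is wider than the tcp destination ports 8000 to 8006 discussed above. The sample ruleset, the interface name eth0 and the address 203.0.113.5 are constructed for illustration.

```python
import shlex

ALLOWED = (8000, 8006)  # destination port range asked for in the thread

# Constructed sample of `iptables-save -t nat` output; the interface name and
# the 203.0.113.5 address are placeholders, not values from the thread.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 8000:8006 -j MASQUERADE
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 6881:6889 -j MASQUERADE
-A POSTROUTING -o eth0 -j SNAT --to-source 203.0.113.5
COMMIT
"""

def parse_ports(spec):
    """Turn '8000:8006', '8000' or an open-ended range into (low, high)."""
    low, sep, high = spec.partition(":")
    lo = int(low or 0)
    hi = int(high or 65535) if sep else lo
    return lo, hi

def audit(save_text, allowed=ALLOWED):
    """Return (rule, reason) for each POSTROUTING NAT rule wider than `allowed`."""
    findings = []
    for line in save_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "POSTROUTING"]:
            continue
        # Map each option to the token that follows it (-p -> tcp, -j -> SNAT).
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opts.get("-j") not in ("MASQUERADE", "SNAT"):
            continue
        if "!" in tok:
            reason = "negated match, review by hand"
        elif opts.get("-p") != "tcp":
            reason = "not limited to tcp"
        elif "--dport" not in opts:
            reason = "no --dport restriction"
        else:
            lo, hi = parse_ports(opts["--dport"])
            inside = allowed[0] <= lo <= hi <= allowed[1]
            reason = None if inside else f"ports {lo}:{hi} outside allowed range"
        if reason:
            findings.append((line, reason))
    return findings

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE):
        print(f"TOO BROAD ({reason}): {rule}")
```

On a live gateway, pass the text printed by `iptables-save -t nat` to `audit()` instead of the constructed sample.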