Re: [suse-security] nat of locally generated connections
I was looking for a solution concurrently in the web - but didn't find anything that answers my question . imho, this should work : iptables -A OUTPUT -t nat -o eth1 -j MASQUERADE but I get following error : iptables: Invalid argument -bruno Martin Peikert <list@nolog.org> schrieb am 27.01.2004 10:59:13:
Hello,
BLeonhardt@analytek.de wrote:
how do I masquerade / source-nat locally generated packets with iptables - any hints ?
rtfm and the HowTos you'll find at netfilter.org. Next time try google first before asking '31337' questions.
GTi
On Tue, 27 Jan 2004 BLeonhardt@analytek.de wrote: Hi, Manpage says: MASQUERADE: This target is only valid in the nat table, in the POSTROUTING chain. I wonder why you want to masquerade local traffic at all, since you can bind to the outbound address and have the same effect. Local masquerading makes no sence. Sebastian
I was looking for a solution concurrently in the web - but didn't find anything that answers my question .
imho, this should work :
iptables -A OUTPUT -t nat -o eth1 -j MASQUERADE
but I get following error :
iptables: Invalid argument
-bruno
Martin Peikert <list@nolog.org> schrieb am 27.01.2004 10:59:13:
Hello,
BLeonhardt@analytek.de wrote:
how do I masquerade / source-nat locally generated packets with iptables - any hints ?
rtfm and the HowTos you'll find at netfilter.org. Next time try google first before asking '31337' questions.
GTi
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer@suse.de - SuSE Security Team ~
Hi Martin, no RTFM to that user in that case, just to you :-)) Hi BLeonhard, the problem is, that you have to recompile your iptables (no changes are needed to the Makefile etc), just recompile and install - anything would be fine. I guess you made your own new kernel from scratch, in some cases hooks change for iptables, so you have to recompile it too. You can get iptables- source from http://www.netfilter.org Best regards, Sandro Littke. Am Di, den 27.01.2004 schrieb Martin Peikert um 13:50:
BLeonhardt@analytek.de wrote:
iptables -A OUTPUT -t nat -o eth1 -j MASQUERADE
but I get following error :
iptables: Invalid argument
try iptables -t nat -A OUTPUT ... and rtfm. Now.
GTi
btw: "iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE" would do it at the end ... Sandro Littke.
Am Di, den 27.01.2004 schrieb Martin Peikert um 13:50:
BLeonhardt@analytek.de wrote:
iptables -A OUTPUT -t nat -o eth1 -j MASQUERADE
but I get following error :
iptables: Invalid argument
try iptables -t nat -A OUTPUT ... and rtfm. Now.
GTi
participants (4)
-
BLeonhardt@analytek.de -
Martin Peikert -
Sandro Littke -
Sebastian Krahmer