Re: [suse-security] nat of locally generated connections (correction)
I'll correct my statement : it shouldn't work - MASQUERADE is only valid for POSTORUTING :-( ... but how do I do that instead ? didn't find anything useful yet - even not at netfilter.org in the nat howtos... I need to masq locally generated outgoing packets for dynamic ip ... -bruno
Hello, I use iptables -t nat -I POSTROUTING <packet matching options> \ -j SNAT --to-source <addr> on non-dynamic connections. I just tried, it also works with "-j MASQUERADE" in POSTROUTING. Make sure your kernel config has CONFIG_IP_NF_NAT_LOCAL=y. At least that is necessary for SNAT. The default kernel for SuSE9.0 comes with CONFIG_IP_NF_NAT_LOCAL=n, so you probably need to build your own kernel. hth Matthias --On Tuesday, January 27, 2004 11:14:40 +0100 BLeonhardt@analytek.de wrote:
I'll correct my statement : it shouldn't work - MASQUERADE is only valid for POSTORUTING :-( ... but how do I do that instead ?
didn't find anything useful yet - even not at netfilter.org in the nat howtos...
I need to masq locally generated outgoing packets for dynamic ip ...
-bruno
Try changing the parameter order as well as the chain that you're adding
to...
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
You had the option specifying the top level table in between the chain and
rule parameters of the -A switch.
HTH
----- Original Message -----
From:
I'll correct my statement : it shouldn't work - MASQUERADE is only valid
for POSTORUTING :-( ... but how do I do that instead ?
didn't find anything useful yet - even not at netfilter.org in the nat
howtos...
I need to masq locally generated outgoing packets for dynamic ip ...
-bruno
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (3)
-
BLeonhardt@analytek.de
-
Carl Peto
-
Matthias Ferdinand