Re: Iptables masq traffic limiting




On Friday 29 August 2008 17:52, Joseph L. Casale wrote:

>  >Postrouting is the correct one.  After everything is routed it is MASQ
>  > before leaving the interface.
>
>  That makes sense, but I am stuck at making the transition, should I simply
>  pull the port specifications from my third line in the FORWARD chain to
> the first line in the POSTROUTING chain?
>
>  iptables -A POSTROUTING -t nat -o $WAN -p tcp -m multiport --dports 80,443 -j MASQUERADE
>  iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
>  iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
>  Does that look groovy?

If your WAN interface is using a public IP and your LAN is using a private IP 
range then you need to MASQ everything leaving your LAN like this:

iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE

No port or packet types are needed as everything needs to be MASQed.

There is nothing you need to do to make the transition as all packets go 
through the Postrouting/Prerouting tables.


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
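The rule set the reply describes, written out as an added example (not from either poster): the MASQUERADE rule carries no port match, and the 80,443 restriction from the question moves into the FORWARD chain. The interface names are placeholders, the default DROP policy on FORWARD is an addition of mine, and the script only prints the commands unless DRY_RUN=0 is set, so it can be reviewed before running as root.

```shell
#!/bin/sh
# Emit the NAT and filter rules for a masquerading gateway.
# $1 = WAN interface, $2 = LAN interface (placeholders, e.g. eth0 eth1)
gen_rules() {
    wan="$1"; lan="$2"
    # No -p/--dports here: every packet leaving via the WAN must be rewritten,
    # otherwise replies for non-matching traffic never find their way back.
    echo "iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE"
    # Port restrictions belong in the filter table's FORWARD chain instead.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -i $wan -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -i $lan -o $wan -p tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $lan -o $wan -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Sanity check on a rule set passed as one string: exactly one MASQUERADE
# rule, and it must not be narrowed by --dports (the mistake in the question).
check_rules() {
    rules="$1"
    masq=$(printf '%s\n' "$rules" | grep -c -- '-j MASQUERADE' || true)
    narrowed=$(printf '%s\n' "$rules" | grep -- '-j MASQUERADE' | grep -c -- '--dports' || true)
    [ "$masq" -eq 1 ] && [ "$narrowed" -eq 0 ]
}

# Generate, check, then print (DRY_RUN unset or 1) or execute (DRY_RUN=0).
apply_rules() {
    rules=$(gen_rules "$1" "$2")
    if ! check_rules "$rules"; then
        echo "refusing: MASQUERADE rule missing or port-restricted" >&2
        return 1
    fi
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$rules"
    else
        printf '%s\n' "$rules" | sh -e   # needs root and the nat table loaded
    fi
}
```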
