-----Original Message----- From: Paul Evans <pevans@xxxxxxxxxxxx> To: lartc@xxxxxxxxxxxxxxx Date: Mon, 3 Mar 2003 09:38:17 -0800 Subject: Re: Re[2]: [LARTC] further than dead gateway detection > > On March 3, 2003 08:22 am, Никита Винокуров wrote: > > > have you done masquerading from an internal network? > > > cause that does not work for mi..you may help me :) > > > > Yes, I've done it by the means of iptables (I have a 2.4.20 kernel). > > > > masquarade does not interacts with routing, just put it in the two routes: > > > > iptables -t nat -A POSTROUTING -o $IFACE1 -j SNAT --to-source $IP1 > > ipdables -t nat -A POSTROUTING -o $IFACE2 -j SNAT --to-source $IP2 > > > > > > where $IP1 and $IP2 -- the external addresses of the certain interfaces > > ($IFACE1 and $IFACE2) > > I have this which also works: > iptables -t nat -A POSTROUTING -s net/mask -o $IP1 -j MASQUERADE > iptables -t nat -A POSTROUTING -s net/mask -o $IP2 -j MASQUERADE > > Why would it be better to SNAT? > > You may use a MASQUERADE tag only if your ip-addresses are assinged dynamycally. In other cases it would be better to set SNAT. -- Nikita
