This set of ipchains rules:
$IPCHAINS -N soporte
$IPCHAINS -A FORWARD -s 10.0.0.0/25 -j soporte
$IPCHAINS -A soporte -s 10.0.1.1 -j MASQUERADE
$IPCHAINS -A soporte -j DENY
would became this in iptables
iptables -N soporte
iptables -A soporte -s 10.0.1.1 -j ACCEPT
iptables -A soporte -j DROP
iptables -A FORWARD -s 10.0.0.0/25 -j soporte
iptables -t nat -A POSTROUTING -s 10.0.1.1 -j MASQUERADE
Some explanations
In ipchains, the decision to allow or not forwarding was done in forward
rule, as well as the decision of forward it with the original address or NAT
it. This has changed in iptables. FORWARD rule only take the decision of
allowing or not the forwarding of the packet. NAT is done in POSTROUTING
rule of nat table. You should also note that when you do not specify which
table, you're working with filter table. So 'iptables -N soporte' and
'iptables -t filter -N soporte' would do exactly the same thing.
Well, hope this helps ....
Sincerily,
Leonardo Rodrigues
