On Mon 04/08/2003 at 20:12, Ralf Spenneberg wrote:
> This is of course wrong. I take the opportunity to correct myself. I
> guess I need more coffee.

I offer you another cup [_]D ;))) Or maybe something stronger :P~

> Masquerading is done in the nat table in the POSTROUTING or OUTPUT
> chain,

MASQUERADING and SNAT only occur in POSTROUTING chain because they have
to be done _after_ last routing point. In OUTPUT chain, you can DNAT,
not SNAT or MASQUERADING:

cbr@xxxxxxx:~$ sudo iptables -t nat -A OUTPUT -j MASQUERADE
iptables: Invalid argument

> therefore the line reads:
> iptables -t nat -A POSTROUTING --match mac --mac-source \
> 00:c0:49:c9:d3:f1 -j MASQUERADE

Source MAC is no longer available in POSTROUTING:

cbr@xxxxxxx:~$ sudo iptables -t nat -A POSTROUTING -m mac --mac-source 00:c0:49:c9:d3:f1 -j MASQUERADE
iptables: Invalid argument

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
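
One common way to masquerade by source MAC despite the two restrictions shown above, as an added example that is not part of the original message: match the MAC in mangle PREROUTING, where it is still available, set a packet mark, and masquerade on that mark in nat POSTROUTING. The function name `mac_masq_rules` and the default mark `0x1` are assumptions; the script only prints the rules and applies nothing.

```shell
#!/bin/sh
# Added example (not from the thread): emit a two-rule pair that masquerades
# traffic from one source MAC. The mac match is only valid before routing
# (PREROUTING/INPUT/FORWARD); MASQUERADE is only valid in nat POSTROUTING.
# A packet mark carries the decision from the first hook to the second.
#
# Note: a source MAC is only visible for hosts on the directly attached
# L2 segment and is trivially changed by the sender, so treat this as a
# selector, not as authentication.

# mac_masq_rules MAC [MARK]   (hypothetical helper; MARK defaults to 0x1)
mac_masq_rules() {
    mac=$1
    mark=${2:-0x1}

    # Reject anything that is not six colon-separated hex octets, so
    # untrusted input can never reach a shell that executes the output.
    if ! printf '%s\n' "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        echo "invalid MAC address: $mac" >&2
        return 1
    fi

    # The mark must be a plain decimal or hex number.
    if ! printf '%s\n' "$mark" | grep -Eq '^(0x[0-9A-Fa-f]+|[0-9]+)$'; then
        echo "invalid mark value: $mark" >&2
        return 1
    fi

    # Step 1: tag the packet while the Ethernet header is still available.
    echo "iptables -t mangle -A PREROUTING -m mac --mac-source $mac -j MARK --set-mark $mark"
    # Step 2: after the last routing decision, masquerade only tagged packets.
    echo "iptables -t nat -A POSTROUTING -m mark --mark $mark -j MASQUERADE"
}

# Print the rules when called with arguments, e.g.:
#   sh mac_masq.sh 00:c0:49:c9:d3:f1
if [ "$#" -gt 0 ]; then
    mac_masq_rules "$@"
fi
```

Review the printed rules before applying them as root, and pick a mark value that no other rule set on the host already uses.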