Re: netfilter question


 



For dynamic IP (ADSL)
$IPT -t nat -A POSTROUTING -o $IF_INET -j MASQUERADE

and for static IP (Cable)
$IPT -A POSTROUTING -t nat -s $IP_LAN_RNG -o $IF_NET -j SNAT --to-source $IP_NET


That is for routing. If you want to secure your network and the router
itself it takes a lot more .. like setting up a firewall :)

Klemen Kecman
Sting d.o.o.
Smartinska 106
1000 Ljubljana - SI
+386 1 5246033
+386 41 456421

----- Original Message -----
From: "John Black" <black@xxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Thursday, February 19, 2004 4:32 AM
Subject: netfilter question


> I'm trying to install a gateway/router with Red Hat 9 kernel 2.4.24 and the
> stock iptables 1.2.7a, with full NAT compiled into the kernel. I have read the
> howto at netfilter.org, even have the same line of code.  But it still will not
> change the source address.
>
> here is the line of code and the result of the command <iptables -L -nvx>
>
> iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
> iptables -A FORWARD -j LOG
>
> Chain INPUT (policy ACCEPT 127 packets, 9436 bytes)
> pkts  bytes target  prot opt in   out   source   destination
>
>
> Chain FORWARD (policy ACCEPT 36 packets, 1709 bytes)
> pkts     bytes target      prot opt    in    out     source       destination
>  0       0    ACCEPT   all     --    eth0  eth1   0.0.0.0/0    0.0.0.0/0    state RELATED, ESTABLISHED
>
>  0       0    ACCEPT   all     --    eth1  eth0   0.0.0.0/0    0.0.0.0/0
>
>  0       0    ACCEPT   all     --    *        *      0.0.0.0/0    0.0.0.0/0    LOG flags 0 level 4
>
> Chain OUTPUT (policy ACCEPT 74 packets, 8568 bytes)
> pkts  bytes target  prot opt in   out   source   destination
>
>
> I'm new to security of a network. Am I close?
>
> thanks
> john
>
>
>
>
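
Added example, not part of either message: `iptables -L` without `-t` lists only the filter table, while the MASQUERADE/SNAT rules from the reply live in the nat table. The check below scans `iptables-save` text for a source-NAT rule on the outbound interface. The function name `has_source_nat`, the sample rulesets and the choice of eth0 as the outbound interface are assumptions built from the rules quoted in the thread.

```shell
#!/bin/sh
# Added example: report whether a saved ruleset contains a source-NAT rule
# for a given outbound interface. Input is iptables-save text on stdin.

# has_source_nat IFACE -> exit 0 if the nat table has a MASQUERADE or SNAT
# rule in POSTROUTING bound to "-o IFACE", exit 1 otherwise.
has_source_nat() {
    awk -v ifc="$1" '
        /^\*/ { table = substr($0, 2) }          # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (out == ifc && (target == "MASQUERADE" || target == "SNAT"))
                found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: only the FORWARD rules from the question (filter table).
FILTER_ONLY='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -j LOG
COMMIT'

# Constructed sample: the same ruleset plus the MASQUERADE rule from the reply.
WITH_NAT="*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
$FILTER_ONLY"

check() {  # check LABEL RULESET IFACE
    if printf '%s\n' "$2" | has_source_nat "$3"; then
        echo "$1: source NAT present on $3"
    else
        echo "$1: no source NAT on $3 (check: iptables -t nat -L -nvx)"
    fi
}
check "filter only" "$FILTER_ONLY" eth0
check "with nat"    "$WITH_NAT"    eth0
```

On a live gateway, pipe the output of `iptables-save` into `has_source_nat` with the Internet-facing interface name.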


