On Thursday 22 April 2004 11:40 am, test@xxxxxxxxxxxxxxx wrote:

> >> iptables -t nat -A POSTROUTING -j MASQUERADE
> >> or
> >> iptables -t nat -A POSTROUTING -j SNAT --to 192.168.0.254
>
> Yes I do have "iptables -t nat -A POSTROUTING -j MASQUERADE"
> And as suggested by you I have modified the above rule with
> respective nic. But no luck.
>
> Can you please advise me on what rule set to use on my firewall. I
> want users from outside to come in for POP & SMTP. But I want
> their request to be forwarded with their real ips and not firewall ip.

I think you need to change your generic MASQUERADE or SNAT rule so that it specifies only packets leaving the external interface - not the internal interface.

For example:

iptables -A POSTROUTING -t nat -o $extIF -j SNAT --to a.b.c.d

Where a.b.c.d is the external IP of $extIF

Regards,

Antony.

-- 
What makes you think I know what I'm talking about?
I just have more O'Reilly books than most people.

Please reply to the list; please don't CC me.
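
An added example, not part of the original message: a check for the problem discussed above, a SNAT or MASQUERADE rule in the nat POSTROUTING chain that names no outgoing interface, run over `iptables-save` output. The sample ruleset, `eth0` as the external interface, the mail server 192.168.0.10 and the address 203.0.113.5 are constructed for illustration; `find_unscoped_snat` is a hypothetical helper name.

```shell
#!/bin/sh
# Flag nat POSTROUTING rules that SNAT/MASQUERADE without "-o <iface>".
# Such a rule also rewrites inbound connections forwarded to the internal
# mail server, so the server logs the firewall's IP instead of the client's.

# Reads iptables-save format on stdin; prints each offending rule line.
find_unscoped_snat() {
    awk '
        /^\*/ { table = substr($1, 2); next }   # table header: *nat, *filter, ...
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            is_snat = 0; has_out = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && ($(i+1) == "MASQUERADE" || $(i+1) == "SNAT"))
                    is_snat = 1
                if ($i == "-o")
                    has_out = 1
            }
            if (is_snat && !has_out) print
        }
    '
}

# Constructed sample (not from the thread): eth0 is assumed to be the
# external interface, 192.168.0.10 the internal mail server.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.0.10:25
-A PREROUTING -i eth0 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.0.10:110
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -o eth0 -j SNAT --to-source 203.0.113.5
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j ACCEPT
COMMIT
EOF
}

sample_ruleset | find_unscoped_snat
```

On a live firewall the same function can be fed with `iptables-save | find_unscoped_snat` (run as root); any line it prints is a candidate for adding `-o` with the external interface.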