On Mon, 06-09-2004 at 14:48, João Carlos Garcia wrote:
> Hi,
>
> I'm trying to configure iptables rules, but ...
> I'm testing the rules in a separated environment, but the final topology will be the following
> ADSL -- [ LINUX ] -- LOCAL NETWORK
>
> The script looks like this
>
> #!/bin/sh
> INTIF=eth0
> EXTIF=eth1
> INTIP=192.168.0.3
> EXTIP=172.16.0.3
>
> echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
> echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
> echo 1 > /proc/sys/net/ipv4/ip_forward
> for f in /proc/sys/net/ipv4/conf/*/rp_filter;
> do
>   echo 1 > $f;
> done
>
> iptables -F INPUT
> iptables -F OUTPUT
> iptables -F FORWARD
> iptables -A INPUT -j DROP
> iptables -A FORWARD -j DROP
> iptables -A OUTPUT -j DROP
> ...
>
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o $EXTIF -j SNAT --to-source $EXTIP
>
> When the script runs the last rule ( NAT ), an error occurs: iptables invalid argument.
> I want that the iptables change the source IP address ( 192.168 ) to his ip address ( 172.16.0.3 ) to all connection to Internet
>
> Could anyone help me?
> Thanks in advance
> João Carlos

The rule is correct, I write it in my system and it works, so you
probably have a problem of not having synced the iptables userspace
tools and the kernel space or something similar.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
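One way to check the reply's hypothesis, as an added example that is not part of the original thread: it prints the kernel and iptables versions side by side and asks the running kernel whether the nat table is registered. The function names are made up for this example, and it assumes a kernel that exposes /proc/net/ip_tables_names (legacy iptables; reading it normally needs root).

```shell
#!/bin/sh
# Added diagnostic example; not code from the original thread.
# Assumption: the kernel lists its registered tables, one per line,
# in /proc/net/ip_tables_names.

# listed_in FILE NAME
# Returns 0 if NAME is a whole line of FILE, 1 if it is not,
# and 2 if FILE cannot be read (not root, or ip_tables not loaded).
listed_in() {
    [ -r "$1" ] || return 2
    grep -qxF -- "$2" "$1"
}

# iptables_version_of "iptables v1.2.9"  ->  prints "1.2.9"
# Extracts the version number from the banner printed by `iptables -V`.
iptables_version_of() {
    printf '%s\n' "$1" | sed -n 's/^iptables v\([0-9][0-9.]*\).*/\1/p'
}

# diagnose [NAMES_FILE]
# Prints both versions so they can be compared by eye, then reports
# whether the running kernel has the nat table. Returns 0 only if it does.
diagnose() {
    names=${1:-/proc/net/ip_tables_names}
    echo "kernel:   $(uname -r)"
    echo "iptables: $(iptables_version_of "$(iptables -V 2>/dev/null)")"
    # A read-only listing; it normally makes the kernel try to load the
    # nat table first if it was built as a module.
    iptables -t nat -L -n >/dev/null 2>&1 || echo "listing the nat table failed"
    rc=0
    listed_in "$names" nat || rc=$?
    case $rc in
        0) echo "nat table: registered in the running kernel" ;;
        1) echo "nat table: NOT registered (kernel built without NAT support?)" ;;
        *) echo "nat table: cannot read $names" ;;
    esac
    return "$rc"
}

# Run the checks only when asked to, e.g.:  sh check-nat.sh --run
if [ "${1:-}" = "--run" ]; then
    diagnose
fi
```

If the nat table is registered and the versions look sane, the "invalid argument" is more likely coming from the elided part of the script than from the SNAT rule itself.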