My server is on Mandriva 10.1 eth0 is WAN with static IP connected to 512K DSL eth1 is LAN - 192.168.0.0/24 and 192.168.21.0/24
....
# Generated by iptables-save v1.2.9 on Tue Apr 26 14:50:01 2005 *nat :OUTPUT ACCEPT [0:0] :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A POSTROUTING -o eth0 -j MASQUERADE
So should I just masq all out ?
Is it possible to use my static IP or subnets details to rewrite the above masq rule while I am doing a NAT on eth0 ?
Normally, per "man iptables" documentation, you MASQUERADE traffic that is on some sort of dynamic IP connection and SNAT traffic that is on a static IP connection. The main difference is that MASQUERADE will clear the state of MASQUERADing / SNATing when the interface goes down where as SNAT will not do so. The idea behind this is that you will likely get a different IP when you reconnect with a dynamic connection and thus the state information is stale and invalid. Seeing as how you have a static IP on your INet connection I would change the MASQUERADE target to be SNAT.
Grant. . . .
