Re: NAT/MASQ on eth0 - doubt

     My server is on Mandriva 10.1
eth0 is WAN with static IP connected to 512K DSL
eth1 is LAN - 192.168.0.0/24 and 192.168.21.0/24

....

# Generated by iptables-save v1.2.9 on Tue Apr 26 14:50:01 2005
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE


So should I just masq all out?

Is it possible to use my static IP or subnets details to rewrite the above masq rule while I am doing a NAT on eth0?

Normally, per "man iptables" documentation, you MASQUERADE traffic that is on some sort of dynamic IP connection and SNAT traffic that is on a static IP connection. The main difference is that MASQUERADE will clear the state of MASQUERADEing / SNATing when the interface goes down, whereas SNAT will not do so. The idea behind this is that you will likely get a different IP when you reconnect with a dynamic connection and thus the state information is stale and invalid. Seeing as how you have a static IP on your INet connection I would change the MASQUERADE target to be SNAT.



Grant. . . .
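
The change suggested in the reply, applied to the ruleset quoted in the message, as an added example that is not part of the original thread: the function rewrites an iptables-save dump so the blanket MASQUERADE rule on eth0 becomes one SNAT rule per LAN subnet. Assumptions: 203.0.113.10 is a placeholder for the static WAN address, the names masq_to_snat and sample_dump are hypothetical, the COMMIT line is added to the sample, and limiting the rules to the two LAN subnets is a choice made here based on the question.

```shell
#!/bin/sh
# Added example: turn "-o WAN -j MASQUERADE" into per-subnet SNAT rules.
# Usage: masq_to_snat WAN_IF STATIC_IP SUBNET... < dump > new_dump

masq_to_snat() {
    wan_if=$1; static_ip=$2; shift 2
    awk -v wan="$wan_if" -v ip="$static_ip" -v nets="$*" '
        BEGIN { n = split(nets, net, " ") }
        # Match only the unrestricted masquerade rule on the WAN interface.
        $0 == ("-A POSTROUTING -o " wan " -j MASQUERADE") {
            # One SNAT rule per LAN subnet, so only those sources are translated.
            for (i = 1; i <= n; i++)
                print "-A POSTROUTING -s " net[i] " -o " wan \
                      " -j SNAT --to-source " ip
            next
        }
        { print }   # every other line passes through unchanged
    '
}

# Constructed sample: the nat table from the message, with COMMIT added
# so the dump is complete.
sample_dump() {
cat <<'EOF'
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# 203.0.113.10 is a placeholder; substitute the real static WAN address.
sample_dump | masq_to_snat eth0 203.0.113.10 192.168.0.0/24 192.168.21.0/24
```

The output is in iptables-save format, so it can be reviewed and then loaded with iptables-restore.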

