Bill Hendrickson wrote:
Swifty,
You nailed it - thanks! I needed to do both things (set the default
gw on internal server and use the rule). Re: my other post, which is
the better way to go, in your opinion - FORWARDing or MASQUERADing?
You're welcome! :D
FORWARD is the chain...
MASQUERADING is a technique...
But to answer your question:
You are FORWARDing packets to and from your internal/external networks
on the firewall/gateway.
If you have a fixed external IP then you should SNAT every packet that
leaves your network.
If you have a dynamic IP then you should MASQUERADE.
Your first attempt was unsuccessful because the external client expected
the packets from the gateway and not from an "internal" unknown IP.
As per the manual:
MASQUERADE
    This target is only valid in the nat table, in the POSTROUTING
    chain. It should only be used with dynamically assigned IP (dialup)
    connections: if you have a static IP address, you should use the
    SNAT target. Masquerading is equivalent to specifying a mapping to
    the IP address of the interface the packet is going out, but also
    has the effect that connections are forgotten when the interface
    goes down. This is the correct behavior when the next dialup is
    unlikely to have the same interface address (and hence any
    established connections are lost anyway).
Swifty
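
Added example, not part of the message above and not netfilter project code: a shell function that emits an iptables-restore ruleset for the gateway described in the reply, choosing SNAT when a static external address is supplied and MASQUERADE otherwise. The function name, interface names and addresses are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a NAT gateway.
# gateway_rules, the interface names and the addresses are hypothetical.

# gateway_rules EXT_IF INT_IF INT_NET [STATIC_EXT_IP]
#   with STATIC_EXT_IP -> SNAT to that address (fixed external IP)
#   without it         -> MASQUERADE (dynamically assigned external IP)
gateway_rules() {
    ext_if=${1:-} int_if=${2:-} int_net=${3:-} ext_ip=${4:-}

    if [ -z "$ext_if" ] || [ -z "$int_if" ] || [ -z "$int_net" ]; then
        echo "usage: gateway_rules EXT_IF INT_IF INT_NET [STATIC_EXT_IP]" >&2
        return 2
    fi

    if [ -n "$ext_ip" ]; then
        # Shape check only (four dot-separated digit groups), so a typo
        # never ends up inside a rule. Octet ranges are not checked.
        case $ext_ip in
            *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) ok=0 ;;
            *.*.*.*)                        ok=1 ;;
            *)                              ok=0 ;;
        esac
        if [ "$ok" -ne 1 ]; then
            echo "bad IPv4 address: $ext_ip" >&2
            return 2
        fi
        nat_target="SNAT --to-source $ext_ip"
    else
        nat_target="MASQUERADE"
    fi

    # nat/POSTROUTING rewrites the source address on the way out;
    # filter/FORWARD decides which packets may cross the gateway at all.
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $int_net -o $ext_if -j $nat_target
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $int_net -j ACCEPT
COMMIT
EOF
}
```

The output can be checked with `iptables-restore --test` before it is loaded; loading it without `--noflush` replaces the existing rules in the nat and filter tables.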