>
> You're welcome! :D
>
> FORWARD is the chain...
> MASQUERADING is a technique...
> But to answer your question:
> You are FORWARDing packets to and from your internal/external networks on
> the firewall/gateway.
> If you have a fixed external IP then you should SNAT every packet that leaves
> your network.
> If you have a dynamic IP then you should MASQUERADE.
> Your first attempt was unsuccessful because the external client expected the
> packets from the gateway and not from an "internal" unknown IP.
>
> As per the manual:
>
> MASQUERADE
> This target is only valid in the nat table, in the POSTROUTING chain.
> It should only be used with dynamically assigned IP (dialup) connections:
> if you have a static IP address, you should use the SNAT target.
> Masquerading is equivalent to specifying a mapping to the IP address of
> the interface the packet is going out, but also has the effect that
> connections are forgotten when the interface goes down. This is the
> correct behavior when the next dialup is unlikely to have the same
> interface address (and hence any established connections are lost anyway).
>
> Swifty

Excellent, I see. You the man, Swifty. Case closed. Points awarded.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
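
The SNAT-versus-MASQUERADE choice discussed in this thread, as an added example that is not part of the original messages: a shell function that prints an `iptables-restore` ruleset for a forwarding gateway. The function name, the interface names (`eth1`, `eth0`, `ppp0`), the address `203.0.113.5` and the default-drop FORWARD policy are constructed assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a forwarding gateway.
# Nothing is applied here; the output can be checked with
# `iptables-restore --test` before it is loaded.

# gateway_rules LAN_IF WAN_IF [STATIC_WAN_IP]   (hypothetical helper)
gateway_rules() {
    lan_if=$1
    wan_if=$2
    wan_ip=${3:-}
    if [ -z "$lan_if" ] || [ -z "$wan_if" ]; then
        echo "usage: gateway_rules LAN_IF WAN_IF [STATIC_WAN_IP]" >&2
        return 2
    fi
    if [ -n "$wan_ip" ]; then
        # Fixed external address: rewrite the source to it explicitly.
        nat_target="SNAT --to-source $wan_ip"
    else
        # Dynamic address: use whatever the outgoing interface has now;
        # tracked connections are forgotten when the interface goes down.
        nat_target="MASQUERADE"
    fi
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan_if -j $nat_target
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Static external IP on eth0 (constructed sample values).
gateway_rules eth1 eth0 203.0.113.5
# Dialup-style link with a dynamically assigned address.
gateway_rules eth1 ppp0
```

The FORWARD rules let internal hosts open connections outward and admit only reply traffic inward; the single POSTROUTING rule is what makes those packets leave with the gateway's address, which is why the external client accepts the replies.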