On 24.02.2010 15:45, netfilter-owner@xxxxxxxxxxxxxxx wrote:
> All,
>
> R1) iptables -t nat -I POSTROUTING -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> R2) iptables -t nat -A POSTROUTING -o eth0 -j MASQERADE
>
>
>                        machine "B"
>        ------------------------------------------
>        |                                        |
>        |                                        |
> machine "A" ------> eth0                        |
>        |eth1----------------------------------------> internet
>        |                                        |
>        |                                        |
>        ------------------------------------------
>
> I applied rules R2 and I am able to browse internet from machine A.
>
> 1. Is there any problem if I apply R1?
> 2. If packet state becomes ESTABLISHED (not a new packet), do we
>    need MASQERADE target for remaining packets?
>
> Thanks,
> Ratheesh

The nat table only sees state NEW packets. A rule with state
"ESTABLISHED,RELATED" will never match there.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

is good (without the typo).

Do filtering (ACCEPT/DROP/REJECT) in the filter table.

iptables -A FORWARD -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

same for OUTPUT maybe.

Best regards

Mart
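
A check that follows from the reply above, added here as an example and not part of the original thread: it reads `iptables-save` output and reports nat-table rules that match on state ESTABLISHED, since packets of an established connection are not run through the nat table. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# lint_nat_state: read iptables-save output on stdin, print every nat-table
# rule with a (non-negated) state/conntrack match that lists ESTABLISHED.
# Returns 1 if at least one such rule was found, 0 otherwise.
lint_nat_state() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header, e.g. "*nat"
        table == "nat" && /^-A / {
            for (i = 3; i < NF; i++) {
                if (($i == "--state" || $i == "--ctstate") &&
                    $(i - 1) != "!" && $(i + 1) ~ /ESTABLISHED/) {
                    printf "line %d: nat %s matches state %s: %s\n",
                           NR, $2, $(i + 1), $0
                    found = 1
                }
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample in iptables-save format: R1 and R2 from the question
# in the nat table, plus the FORWARD rule suggested in the reply.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Demo run: only the nat-table copy of the state rule is reported.
sample_ruleset | lint_nat_state || echo "review the nat-table rules listed above"
```

On a live host the same function can be fed with `iptables-save | lint_nat_state` (root required).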