On Thu, Jul 28, 2011 at 17:05, Kumar Swamy <kswamy@xxxxxxxxxxxxx> wrote:
> Hello folks,
>
> I am a newbie to iptables and experimenting with some stuff. So please excuse me if this has already been discussed.
>
> I have a Linux gateway which has a physical interface (eth0) and multiple virtual interfaces (eth0:1, eth0:2), each of which has a dynamic IP configured.
> I want to create an iptables rule for IP masquerading on eth0, but packets going out on other interfaces should be left untouched. Is this possible?
>
> I tried
> -A POSTROUTING -o eth0 -j MASQUERADE
> But it seems packets going out on virtual NICs (aliases) are also hitting this rule.
> Is there any way to solve this problem without using SNAT? Since I have IP addresses configured dynamically, there is no easy way to do SNAT.
>

How does the routing work? I.e., when does a packet exit through eth0 or eth0:1 or eth0:2?

Use the same routing criteria on the iptables rule.

Rgds,
--
Pandu E Poluan
~ IT Optimizer ~
• Blog : http://pepoluan.tumblr.com
• Linked-In : http://id.linkedin.com/in/pepoluan
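
Added example, not part of either message above: one way to turn routing criteria into nat rules. eth0:1 and eth0:2 are address labels on eth0 rather than separate devices, so `-o eth0` matches their traffic too; this script reads `ip -4 route show` style lines and emits an ACCEPT exemption for every destination routed with an alias address as preferred source, followed by the MASQUERADE rule. It assumes the alias subnets appear in the routing table with their own `src`; the function names, addresses and sample routes are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive nat POSTROUTING rules from the routing table so that
# only traffic routed via the primary address of the interface is masqueraded.

# gen_rules IFACE PRIMARY_IP
# stdin : lines in `ip -4 route show` format
# stdout: rule lines suitable for the *nat section of an iptables-restore file
gen_rules() {
    awk -v ifc="$1" -v pri="$2" '
        {
            dev = ""; src = ""
            for (i = 1; i < NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "src") src = $(i + 1)
            }
            # Routes on this interface whose preferred source is an alias
            # address: exempt that destination from NAT. In the nat table,
            # ACCEPT ends traversal with the packet left untranslated.
            if (dev == ifc && src != "" && src != pri && $1 != "default")
                printf "-A POSTROUTING -o %s -d %s -j ACCEPT\n", ifc, $1
        }
        # Everything else leaving the interface is masqueraded.
        END { printf "-A POSTROUTING -o %s -j MASQUERADE\n", ifc }
    '
}

# Constructed sample of `ip -4 route show` output (documentation addresses).
sample_routes() {
    cat <<'EOF'
default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
198.51.100.0/24 dev eth0 proto kernel scope link src 198.51.100.7
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.5
10.0.0.0/8 dev eth1 proto kernel scope link src 10.0.0.1
EOF
}

# Demo run on the constructed sample. On a live gateway, pipe in
# `ip -4 route show` and pass the current primary address, re-running
# whenever the dynamic addresses change.
sample_routes | gen_rules eth0 192.0.2.10
```

Because the exemptions are regenerated from the routing table, no address is hard-coded; rule order matters, so the ACCEPT lines must stay ahead of the MASQUERADE line.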