Tobias Andresen wrote:
> On 06.03.2016 at 21:42, Pascal Hambourg wrote:
>> Why do you think you need iptables rules ? Isn't plain routing enough ?
>
> The PCs should only be able to use NTP (Port 123). They should not be able
> to have full access (i.e. internet, ...)

Then you need filtering, not NAT.

> I tried following rule for one PC:
>
> iptables -t nat -A PREROUTING -p udp --dport 123 -j DNAT
> --to-destination 192.168.31.96:123

What is the purpose of this rule ? It redirects NTP packets to
192.168.31.96. How do you expect that NTP packets eventually reach
62.214.6.29 ?

> iptables -t nat -A POSTROUTING -p udp --dport 123 -j MASQUERADE

Why is this rule needed ? What's between 10.0.0.95 and 62.214.6.29 ?
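The "filtering, not NAT" point above, as an added example that is not part of the original message: a filter-table ruleset that drops forwarded traffic by default and lets the PCs open only NTP flows. The function name is hypothetical, and the roles of the two addresses (10.0.0.95 as one PC, 62.214.6.29 as the NTP server) are assumptions, since the thread does not describe the topology.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore ruleset for
# a router that should forward NTP and nothing else. Nothing is applied to
# the running system; the ruleset is only printed.

# ntp_only_ruleset CLIENT NTP_SERVER   (hypothetical helper)
#   CLIENT      address or CIDR of the PCs behind the router (assumed role)
#   NTP_SERVER  address of the NTP server they may reach (assumed role)
ntp_only_ruleset() {
    client=$1
    ntp_server=$2
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $client -d $ntp_server -p udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Preview using the addresses mentioned in the thread (roles assumed).
# To syntax-check without committing, pipe into: iptables-restore --test
# Loading it for real replaces the whole filter table (INPUT and OUTPUT
# policies included), so merge it with any existing rules first.
ntp_only_ruleset 10.0.0.95 62.214.6.29
```

The first FORWARD rule admits only replies to flows the second rule allowed, so the NTP server's answers return while any other new forwarded flow meets the DROP policy.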