On June 9, 2004 05:26 pm, hanfamily@xxxxxxxxxxxxx wrote:
> Hi,
> I've been trying to get Masquerade working on my new RHEL system all
> week. I tried clearing the iptables the setup created and making
> a test set but it didn't work then I read you needed to load the
> ipt_MASQUERADE module, since it wasn't loaded I tried using insmod
> to load it. I get the following error
> .../ipt_MASQUERADE.o unresolved symbol ip_nat_setup_info_R1nf023n8
> Any idea how to get it to load?
> Also is there somewhere I can find how redhat-config-securitylevel
> gets its syntax since I can't figure out how it decides which modules
> to load at start up but I see where it loads them in /etc/rc.d/iptables
> using the /etc/sysconfig/iptables to decide what to do I am worried that
> if I just replace /etc/sysconfig/iptables with my own set it will break
> things. If I ever get this to work do I need to replace /etc/rc.d/iptables
> with the new iptables and have it start with /sbin/insmod to load the
> modules instead.
> Thanks
> Linda

Hi Linda,

I have found the best method for setting up iptables is to not use the
redhat-config-securitylevel (mostly because I find the syntax confusing).
I either just put all the rules in the init script (/etc/init.d/iptables),
or else call a separate file from the init script. Either way, I like the
regular netfilter rules (as opposed to the redhat-config-securitylevel
format).

As far as getting masquerading going, if it is just for outbound traffic,
you just need to use the POSTROUTING chain.

The order of the rules should generally be:

    prerouting
    postrouting
    input
    forward
    output
    custom chains called from and returned to one of the above

Here is an excerpt from my firewall to masquerade all my outbound LAN and
DMZ (just a web server) traffic:

    # outbound LAN & web server connections are all masqueraded
    $IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $LAN_RANGE -j MASQUERADE
    $IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $WEB_SERVER -j MASQUERADE

Hope that helps.
--
Pete Nesbitt, rhce
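
An added example, not part of the post above or of any Red Hat tool: a shell check that reads a ruleset in iptables-save format (the format /etc/sysconfig/iptables holds) and confirms that every MASQUERADE rule sits in nat/POSTROUTING with both an outbound interface and a source, as the two rules in the reply do. The function name audit_masq, the interface eth0 and the addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit MASQUERADE rules; all sample values are constructed.

# Reads a ruleset on stdin, prints one line per finding, returns 0 only if
# at least one MASQUERADE rule exists and all are scoped like the post's.
audit_masq() {
    table="" seen=0 bad=0
    while IFS= read -r line; do
        case $line in
            \**) table=${line#\*}; continue ;;   # table header, e.g. *nat
            "-A "*"-j MASQUERADE"*) ;;           # a rule to inspect
            *) continue ;;
        esac
        seen=$((seen + 1)); chain="" out="" src=""
        set -f; set -- $line; set +f             # word-split, no globbing
        while [ $# -gt 1 ]; do
            case $1 in
                -A) chain=$2 ;;
                -o) out=$2 ;;
                -s) src=$2 ;;
            esac
            shift
        done
        if [ "$table" != nat ] || [ "$chain" != POSTROUTING ]; then
            echo "wrong place ($table/$chain): $line"; bad=$((bad + 1))
        fi
        [ -n "$out" ] || { echo "no -o interface: $line"; bad=$((bad + 1)); }
        [ -n "$src" ] || { echo "no -s source: $line"; bad=$((bad + 1)); }
    done
    [ "$seen" -gt 0 ] || { echo "no MASQUERADE rule found"; return 1; }
    [ "$bad" -eq 0 ]
}

# Constructed ruleset matching the two rules in the post.
GOOD='*nat
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.2.10 -o eth0 -j MASQUERADE
COMMIT'

# Constructed ruleset with an unscoped rule and one in the wrong table.
BAD='*nat
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
-A FORWARD -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT'

printf '%s\n' "$GOOD" | audit_masq && echo "GOOD: ok"
printf '%s\n' "$BAD" | audit_masq || echo "BAD: findings above"
```

To check a live file, feed it on stdin, for example `audit_masq < /etc/sysconfig/iptables`.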