Re: MASQUERADE

Pete Nesbitt wrote:

On June 9, 2004 05:26 pm, hanfamily@xxxxxxxxxxxxx wrote:

Hi,
I've been trying to get Masquerade working on my new RHEL system all
week. I tried clearing the iptables the setup created and making
a test set, but it didn't work. Then I read you needed to load the
ipt_MASQUERADE module; since it wasn't loaded, I tried using insmod
to load it. I get the following error:
.../ipt_MASQUERADE.o unresolved symbol ip_nat_setup_info_R1nf023n8
Any idea how to get it to load?
Also, is there somewhere I can find how redhat-config-securitylevel
gets its syntax, since I can't figure out how it decides which modules
to load at start up, but I see where it loads them in /etc/rc.d/iptables
using the /etc/sysconfig/iptables to decide what to do. I am worried that
if I just replace /etc/sysconfig/iptables with my own set it will break
things. If I ever get this to work, do I need to replace /etc/rc.d/iptables
with the new iptables and have it start with /sbin/insmod to load the
modules instead?
                Thanks
                Linda



Hi Linda,
I have found the best method for setting up iptables is to not use redhat-config-securitylevel (mostly because I find the syntax confusing). I either just put all the rules in the init script (/etc/init.d/iptables), or else call a separate file from the init script. Either way, I like the regular netfilter rules (as opposed to the redhat-config-securitylevel format).


As far as getting masquerading going, if it is just for outbound traffic, you just need to use the POSTROUTING chain.

The order of the rules should generally be:
prerouting
postrouting
input
forward
output
custom chains called from and returned to one of the above


Here is an excerpt from my firewall to masquerade all my outbound LAN and DMZ (just a web server) traffic:
# outbound LAN & web server connections are all masqueraded
$IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $LAN_RANGE -j MASQUERADE
$IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $WEB_SERVER -j MASQUERADE


Hope that helps.

Or even better: use a GUI tool called Firestarter: http://firestarter.sourceforge.net
Very easy to set up your iptables.
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
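
An added example, not part of any message in this thread: a shell sketch that builds the two POSTROUTING masquerade rules quoted above as a nat table for iptables-restore, validating the interface and source addresses first, and loads the module with modprobe rather than insmod. The function names, eth0 and the address values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print a nat table in the format iptables-restore reads.

# Succeed only for a.b.c.d or a.b.c.d/nn (octets 0-255, prefix 0-32).
valid_source() {
    addr=${1%%/*}; prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split on dots; addr holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Usage: build_nat_table EXT_IF SOURCE...
# Inputs are validated because they are interpolated into rules loaded as
# root; a stray space or newline would otherwise add unintended options.
build_nat_table() {
    [ $# -ge 2 ] || { echo "usage: build_nat_table EXT_IF SOURCE..." >&2; return 1; }
    ext_if=$1; shift
    case $ext_if in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ext_if" >&2; return 1 ;; esac
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for src in "$@"; do
        printf '%s\n' "-A POSTROUTING -o $ext_if -s $src -j MASQUERADE"
    done
    printf '%s\n' 'COMMIT'
}

# Root only: load the table. modprobe, unlike insmod, also loads the modules
# ipt_MASQUERADE depends on. iptables-restore replaces the current nat table.
apply_nat_table() {
    rules=$(build_nat_table "$@") || return 1
    modprobe ipt_MASQUERADE || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward   # forwarding must be on to route
    printf '%s\n' "$rules" | iptables-restore
}

# Constructed sample values: eth0 outside, one LAN range, one DMZ host.
build_nat_table eth0 192.168.1.0/24 10.0.0.5
```

Run as is, the script only prints the ruleset; apply_nat_table is defined but never called, so nothing on the host changes until it is invoked as root.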
