Into table nat, chain POSTROUTING, put the following string:
-A POSTROUTING -s <internal network address space> -j SNAT --to-source <address of router external interface>
This will do the masquerading. Then allow the forwarding of packets between internal and external addresses (table 'filter' chain FORWARD):
-A FORWARD -s <internal network address space> -j ACCEPT
Or simply set the default rule of FORWARD chain to ACCEPT. Then reload iptables rules:
service iptables restart
Then switch on the forwarding in the kernel:
echo 1 > /proc/sys/net/ipv4/ip_forward
And put appropriate line into /etc/sysctl.conf so the forwarding will be switched on after each reboot:
net.ipv4.ip_forward = 1
Also, I recommend switching on the use of iptables helpers for at least the FTP protocol. The list of helpers to be loaded at iptables restart is in the file /etc/sysconfig/iptables-config, parameter IPTABLES_MODULES.
Alexey Fadyushin. Brainbench MVP for Linux. http://www.brainbench.com
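An added example, not part of the original thread: a shell check that reads an iptables-save style dump on stdin and reports which of the steps above (SNAT rule, FORWARD acceptance, kernel forwarding) are missing, and flags the broader "default ACCEPT" option. The function names, the LAN range 192.168.1.0/24 and the address 203.0.113.1 are constructed sample values.

```shell
#!/bin/sh
# Added example: audit an iptables-save style dump for the NAT setup above.
# Usage: iptables-save | audit_nat <LAN CIDR> "$(cat /proc/sys/net/ipv4/ip_forward)"
# Prints one finding per line; prints nothing when every step is in place.
audit_nat() {
    lan=$1 fwd=$2
    awk -v lan="$lan" -v fwd="$fwd" '
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }  # "*nat", "*filter"
        /^:FORWARD / && table == "filter" { policy = $2 }        # default FORWARD policy
        /^-A POSTROUTING / && table == "nat" {
            if (index($0, "-s " lan " ") && $0 ~ /-j (SNAT|MASQUERADE)/) nat = 1
        }
        /^-A FORWARD / && table == "filter" {
            if (index($0, "-s " lan " ") && $0 ~ /-j ACCEPT/) allow = 1
        }
        END {
            if (!nat) print "MISSING: no SNAT rule for " lan " in nat/POSTROUTING"
            if (!allow && policy != "ACCEPT")
                print "MISSING: FORWARD does not accept " lan
            if (policy == "ACCEPT")
                print "WARN: FORWARD policy ACCEPT forwards any source, not only " lan
            if (fwd != "1")
                print "MISSING: net.ipv4.ip_forward is " fwd ", kernel will not route"
        }'
}

# Constructed sample dump: SNAT is present, but FORWARD is DROP with no rule.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 203.0.113.1
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Second argument stands in for the content of /proc/sys/net/ipv4/ip_forward.
sample_dump | audit_nat 192.168.1.0/24 0
```
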
Mollatt Ntini wrote:
Hello everyone
I have googled and googled, but I believe it's the correct search keyword that I am missing. What I am about to ask has been discussed on this list, but I just don't seem to be able to track it down - in the archives, FAQ, sample configs!
I have one of those *stupid* requests again: I need to put an IP Forwarding or IP Masquerade on a REDHAT 9, basically what I need is to have my LAN to access any outside network, whether ping, trace etc, and just leave my WAN network in its current state. How do I do this?
Please help!
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list