masquerading with iptables


 



Hi all
  After reading the NAT-HOWTO, I realized the only mandatory rule was:
  /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

  then, the command:
  echo 1 > /proc/sys/net/ipv4/ip_forward

  The LAN is presumed not to accept any initial connection from the 
Internet, only accesses from the LAN to the Internet.
 
  I have 3 questions:

  1)  Am I obliged to set up the above rule before all filtering rules, 
so that the real IP addresses of the forwarded packets can be known by the 
machine?

  2)  Am I obliged to set up both routes from eth0 to eth1, and eth1 to 
eth0, and if so, is there a risk of a route loop?

      This is a kind of problem for me, as I can't otherwise understand 
how the packets could pass from one interface to another.

  3)  As each packet is presumed to match only one built-in chain, is it 
true that all the incoming/forthcoming packets via the external interface eth0 
will match the FORWARD rules, and so will the internal eth1 packets?

     In this question, I assume there is no user-defined chain in my 
script.

     In this case, I should rewrite my filtering rules, such that both the 
INPUT and OUTPUT chains could be changed into FORWARD chains, with -i 
eth0, and -o eth0 respectively. 

  Thank you for your responses.

  Best regards.

  Jean Francois Ortolo
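
The setup described in the message above (masquerade on eth0, forwarding enabled, LAN may initiate connections but the Internet may not), written out as an added example that is not part of the original post. The function names, the iptables-restore layout and the choice to let the LAN reach the gateway itself are assumptions.

```shell
#!/bin/sh
# Added example: ruleset for a masquerading gateway (EXT = Internet side,
# INT = LAN side). Interface and function names are assumptions.

# Print an iptables-restore ruleset; nothing is changed on the host.
gateway_ruleset() {
    ext=$1 int=$2
    # Refuse empty or identical interface names.
    if [ -z "$ext" ] || [ -z "$int" ] || [ "$ext" = "$int" ]; then
        echo "usage: gateway_ruleset EXT_IF INT_IF" >&2
        return 1
    fi
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# nat POSTROUTING runs after filter FORWARD, so the FORWARD rules below
# still see the original LAN source addresses.
-A POSTROUTING -o $ext -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT/OUTPUT only cover traffic to or from the gateway itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumption: hosts on the LAN may reach the gateway itself.
-A INPUT -i $int -j ACCEPT
# Routed traffic traverses FORWARD: the LAN may open connections ...
-A FORWARD -i $int -o $ext -j ACCEPT
# ... and the Internet side may only send replies to them.
-A FORWARD -i $ext -o $int -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Parse-check, load the ruleset, then enable routing (needs root).
apply_gateway() {
    gateway_ruleset "$1" "$2" | iptables-restore --test || return 1
    gateway_ruleset "$1" "$2" | iptables-restore || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Default action is a dry run that only prints the ruleset.
if [ "$1" = "apply" ]; then
    apply_gateway "${2:-eth0}" "${3:-eth1}"
else
    gateway_ruleset eth0 eth1
fi
```

Loading the ruleset replaces the existing nat and filter tables, so review the printed output before running the script with the apply argument.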






