Make sure that you are loading all of your nat modules also.. i.e: /sbin/insmod ip_conntrack /sbin/insmod ip_conntrack_ftp /sbin/insmod ip_tables /sbin/insmod iptable_nat /sbin/insmod ip_nat_ftp echo 1 > /proc/sys/net/ipv4/ip_forward echo "8192" > /proc/sys/net/ipv4/ip_conntrack_max Adam if I delete option for transaparant proxy SNAT working properly, is there any step that I should do ? ----- Original Message ----- From: "Adam Gilstrap" <agilstrap@xxxxxxxxxxxxxxxx> To: <security-discuss@xxxxxxxxxxxxxxxxx> Sent: Friday, March 19, 2004 11:45 AM Subject: RE: iptables-1.2.9 > try the following command...substitute in your subnet for the 192 subnet. > > /sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -d ! 192.168.0.0/16 > -j MASQUERADE > > > Adam Gilstrap > agilstrap@xxxxxxxxxxxxxxxx > > > Hi All, > > I used iptables-1.2.9 on my firewall, but when i accessed site like : > > http://www.slac.stanford.edu/cgi-bin/nph-traceroute.pl > > the browser show my private address that used on my PC not public address on > my firewall, like this : > > You are about to request a traceroute that may be interpreted as an 'attack' > > from www.slac.stanford.edu, by a firewall protecting your browser: > 10.62.22.201 (host with no DNS entry). Have you read the description above > and is it OK to proceed? > > > What shoud I do in order to make the destination detect only my public > address ? > I used this command line ; > iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source <Public_Address> > > Regards, > Fendi > ------------------------------------------------------------------------ > To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx > with "unsubscribe" in the subject of the message. > > ------------------------------------------------------------------------ > To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx > with "unsubscribe" in the subject of the message. > ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message.
