Iptable for nat assistance

John Van Ostrand john-Da48MpWaEp0CzWx7n4ubxQ at public.gmane.org
Wed Apr 25 16:56:19 UTC 2007


On Wed, 2007-04-25 at 12:05 -0400, tleslie wrote:

> On Wed, 2007-04-25 at 18:40 +0300, Kihara Muriithi wrote:
> > /sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.2.1
> > 
> > when I check the firewall status, I notice this table insertion
> > Chain POSTROUTING (policy ACCEPT)
> > target     prot opt source               destination         
> > SNAT       all  --  0.0.0.0/0            0.0.0.0/0           to:192.168.2.1
> > 
> 
> SNAT means source address translation, you want DNAT


You also need forwards in place too:

# Allow outgoing requests
iptables -A FORWARD --out-interface eth0 --jump ACCEPT
# Allow responses back in
iptables -A FORWARD --in-interface eth0 --match state --state related,established --jump ACCEPT