Iptable for nat assistance
John Van Ostrand
john-Da48MpWaEp0CzWx7n4ubxQ at public.gmane.org
Wed Apr 25 16:56:19 UTC 2007
On Wed, 2007-04-25 at 12:05 -0400, tleslie wrote:
> On Wed, 2007-04-25 at 18:40 +0300, Kihara Muriithi wrote:
> > /sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.2.1
> >
> > when I check the firewall status, I notice this table insertion
> > Chain POSTROUTING (policy ACCEPT)
> > target prot opt source destination
> > SNAT all -- 0.0.0.0/0 0.0.0.0/0
> > to:192.168.2.1
> >
>
> SNAT means source address translation, you want DNAT
You also need to a forwards in place too:
# Allow outgoing requests
iptables -A FORWARD --out-interface eth0 --jump ACCEPT
# Allow responses back in
iptables -A FORWARD --in-interface eth0 --match state --state
related,established --jump ACCEPT
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20070425/93dafc3b/attachment.html>
More information about the Legacy
mailing list