Ivan Adams wrote:
The reason why I used SNAT in the first place was that MASQUERADE did not seem to work at all. After I checked with lsmod, now I find out that ipt_MASQUERADE was not loaded originally.I saw that you use -j SNAT with POSTROUTING. I suggest to try MASQUERADE instead. for dial-up connection: modprobe ipt_MASQUERADE #if this fails, try continuing anyway iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE -> if your external interface is ppp0 (if it is ppp and random digit use ppp+) http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Masquerading-Simple-HOWTO.html Regards
However, I have changed -j to MASQUERADE. and have loaded the ipt_MASQUERADE module when the firewall script runs. Tcpdump of ppp0 still show me that :
192.168.1.10:4569 > adsl-238.838.xxxx.4569I have done nslookup on 192.168.1.10 and can lookup name from an external machine. It seems that masquerade is working property for port 53 but NOT 4569. However the firewall only do masquerade only on certain ports? Could it be some required modules not yet loaded?
David Kwok