Re: About Iptables and Masquerade
As far as I know masquerading should work just as well with static
ip-adresses. my firewall/router (with 1 static internet ip) uses
${IPTABLES} -t nat -A POSTROUTING -o ${INET_IFACE} -s ${INTERNAL_LAN} -j
MASQUERADE
without any notable problems. so I see no problem in your case, if you
like to use masquerading.
please correct me if I'm wrong.
On Mon, 2002-06-10 at 16:29, Inaki Martinez wrote:
> Hello!!!
>
>
> I have a Server (Firewall) with 3 interfaces:
>
> | A
> |
> +--+--+
> B | | C
> ---+ +----
> | |
> +-----+
>
> A = External IP (Valid Internet IP) eth0
> B = External IP (Another Network Valid Internet IP) eth1
> C = Local IP 192.168.1.1 eth2
>
> NOTE: Forward is active and PCs and Servers in B Network work OK.
>
>
> How do i Masquerade the C Network????
>
> I need to connect to internet from a PC in the C Network (192.168.1.2)
> From a PC in C Network can see PCs in B network, but no internet PCs.
>
>
> The IPTables Howto writes:
>
>
> Masquerading
> There is a specialized case of Source NAT called masquerading: it should
> only be used for dynamically-assigned IP addresses, such as standard
> dialups (for static IP addresses, use SNAT above).
>
>
> So i MUST use SNAT.... OK........
>
>
> # iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to External IP (A)
>
> I think this is NOT correct... in my case.....
>
>
> I am a bit lost...... could any help me??????
>
>
> Thanks in advance.
>
>
>
>
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: