RE: About Iptables and Masquerade
This is basically exactly what you want to do:
http://www.linuxguruz.org/iptables/scripts/rc.DMZ.firewall.txt
- James
> -----Original Message-----
> From: Inaki Martinez [mailto:security@hostalia.com]
> Sent: Monday, June 10, 2002 10:29 AM
> To: Debian Firewall
> Subject: About Iptables and Masquerade
>
>
> Hello!!!
>
>
> I have a Server (Firewall) with 3 interfaces:
>
>          | A
>          |
>       +--+--+
>     B |     | C
>    ---+     +----
>       |     |
>       +-----+
>
> A = External IP (Valid Internet IP) eth0
> B = External IP (Another Network Valid Internet IP) eth1
> C = Local IP 192.168.1.1 eth2
>
> NOTE: Forward is active and PCs and Servers in B Network work OK.
>
>
> How do I Masquerade the C Network????
>
> I need to connect to the Internet from a PC in the C Network
> (192.168.1.2). From a PC in the C Network I can see PCs in the B
> network, but no Internet PCs.
>
>
> The IPTables Howto writes:
>
>
> Masquerading
> There is a specialized case of Source NAT called
> masquerading: it should only be used for dynamically-assigned
> IP addresses, such as standard dialups (for static IP
> addresses, use SNAT above).
>
>
> So I MUST use SNAT.... OK........
>
>
> # iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to External IP (A)
>
> I think this is NOT correct... in my case.....
>
>
> I am a bit lost...... could anyone help me??????
>
>
> Thanks in advance.
>
>
>
>
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
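Added example (not from either poster and not taken from the linked script): source NAT for the C network in the three-interface layout described above, printed as iptables commands for review rather than applied. It assumes the default route leaves via eth0, that C is 192.168.1.0/24, and uses 203.0.113.10 as a constructed placeholder for address A; `gen_nat_rules` and `valid_ipv4` are names made up here.

```shell
#!/bin/sh
# Added example: prints (does not apply) NAT rules for the A/B/C firewall layout.
# Assumptions: eth0 = A (Internet side), eth2 = C, C network is 192.168.1.0/24,
# and 203.0.113.10 is a constructed placeholder for the real address of A.

LAN_IF=eth2
EXT_IF=eth0
LAN_NET=192.168.1.0/24

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split unquoted: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit the rules for external address $1; returns 1 on a malformed address.
gen_nat_rules() {
    valid_ipv4 "$1" || { echo "bad external IP: $1" >&2; return 1; }
    cat <<EOF
# Rewrite only traffic sourced from C; without -s, B's routable hosts
# leaving through $EXT_IF would be rewritten to address A as well.
iptables -t nat -A POSTROUTING -s $LAN_NET -o $EXT_IF -j SNAT --to-source $1
# C may open connections to the Internet.
iptables -A FORWARD -i $LAN_IF -o $EXT_IF -s $LAN_NET -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Only replies to those connections may come back in.
iptables -A FORWARD -i $EXT_IF -o $LAN_IF -d $LAN_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Print the rule set for the placeholder address (or for the address given as $1).
gen_nat_rules "${1:-203.0.113.10}"
```

Once the rules are loaded, `iptables -t nat -L POSTROUTING -n -v` shows whether the SNAT rule's packet counter rises when 192.168.1.2 sends traffic.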