Re: Postrouting problem with Sarge firewall

To: Ivan Adams <ivancho.b@gmail.com>, debian-firewall@lists.debian.org
Subject: Re: Postrouting problem with Sarge firewall
From: david kwok <dkwok@iware.com.au>
Date: Tue, 07 Sep 2004 12:54:22 +1000
Message-id: <[🔎] 413D22DE.9010609@iware.com.au>
In-reply-to: <7a9d6b35040905230753805948@mail.gmail.com>
References: <[🔎] 413B926C.2040902@iware.com.au> <7a9d6b35040905230753805948@mail.gmail.com>

Ivan Adams wrote:

I saw that you use -j SNAT with POSTROUTING. I suggest to try
MASQUERADE instead.

for dial-up connection:
modprobe ipt_MASQUERADE #if this fails, try continuing anyway
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
-> if your external interface is ppp0 (if it is ppp and random digit use ppp+)

http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Masquerading-Simple-HOWTO.html

Regards

The reason why I used SNAT in the first place was that MASQUERADE didnot seem to work at all. After I checked with lsmod, now I find out thatipt_MASQUERADE was not loaded originally.

However, I have changed -j to MASQUERADE. and have loaded theipt_MASQUERADE module when the firewall script runs. Tcpdump of ppp0still show me that :


192.168.1.10:4569 > adsl-238.838.xxxx.4569

I have done nslookup on 192.168.1.10 and can lookup name from anexternal machine. It seems that masquerade is working property for port53 but NOT 4569. However the firewall only do masquerade only on certainports? Could it be some required modules not yet loaded?


David Kwok

Reply to:

References:
- Postrouting problem with Sarge firewall
  - From: david kwok <dkwok@iware.com.au>

Prev by Date: Re: Firewall startup script
Next by Date: RE: Postrouting problem with Sarge firewall
Previous by thread: Re: Postrouting problem with Sarge firewall
Next by thread: RE: Postrouting problem with Sarge firewall
Index(es):
- Date
- Thread