
Re: iptables masquerading



On Feb 4, 2008 4:09 AM, Stephen Gran <sgran@debian.org> wrote:
> And traffic out eth0 is NAT'ted (wrongly - note the missing netmask)

Ahhh...that was an email typo, I was using a /24.

> So, I'm assuming that your network is something like:
>
>  ----------         -----------         ------------
> |  LAN     |       |  Router   |       |  VPN LAN   |
>  ----------         -----------         ------------
>             \eth0/              \tap0/
>
> and you want to route traffic from LAN to VPN LAN.
>
> You need to accept traffic coming in eth0 and exiting tap0.  You
> currently only accept reply traffic.

Which is fine, this is for outbound traffic from firewall'ed and vpn'ed clients.

> You'll find it easier to NAT traffic going out tap0 (SNAT instead of
> DNAT).

I switched to SNAT (instead of MASQUERADE) and was able to get this to work.

Thanks all,

-Jim P.
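
An added example, not part of the original message: a shell function that prints (without applying) rules for the setup suggested in the quoted advice, accepting LAN traffic that enters eth0 and leaves tap0 and applying SNAT on tap0. The function name and all addresses are constructed placeholders, not values from the thread.

```shell
#!/bin/sh
# gen_rules is a hypothetical helper: it only prints iptables commands.
# Arguments: LAN interface, VPN interface, LAN network (CIDR), SNAT source IP.
gen_rules() {
    lan_if=$1
    vpn_if=$2
    lan_net=$3
    snat_ip=$4

    # Refuse a source network with no prefix length. iptables reads a bare
    # address as /32, so the rule would match a single host, which is the
    # "missing netmask" mistake pointed out in the thread.
    case $lan_net in
        */*) ;;
        *) echo "error: $lan_net has no netmask (e.g. /24)" >&2
           return 1 ;;
    esac

    cat <<EOF
iptables -A FORWARD -i $lan_if -o $vpn_if -s $lan_net -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $vpn_if -o $lan_if -d $lan_net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $vpn_if -s $lan_net -j SNAT --to-source $snat_ip
EOF
}

# Example call with constructed sample addresses:
#   gen_rules eth0 tap0 192.168.1.0/24 10.8.0.2
```

SNAT with a fixed `--to-source` suits an interface whose address does not change; MASQUERADE looks up the outgoing interface's address for each new connection instead.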

