
Re: [security] iptables



thus spoke GARGIULO Eduardo INGDESI (on Mon, 02 Jul 2001 04:25:57PM -0300):
> I was using ipchains, but now I have kernel v2.4.5 with iptables.
> I want to know how to monitor masqueraded connections. I mean the
> output of
> 
> ipchains -L -M -v
> 
> using iptables. I didn't find it in man iptables.

well, a masquerade entry for iptables is achieved with the line:

  iptables -t nat -A POSTROUTING -s $INTRANETSUBNET -j MASQUERADE

so intuitively, you'd view the entry with

  iptables -t nat -L -M -v

*but* that doesn't work because iptables has been cleaned entirely of
the masquerading stuff (which is now a module) so as to be a real
packet filter, not a mangler. anyway, the netfilter team left the -M
switch out because sooner or later, iptables won't do any masquerading
anymore as it's not supposed to do that in the first place.

to monitor masq'd connections, i use iptraf, which works quite well
actually.

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
-- 
printer not ready.
could be a fatal error.
have a pen handy?
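
Added example, not part of the original message: one way to get a listing comparable to `ipchains -L -M -v` on a 2.4 kernel is to read the connection-tracking table and keep the entries whose reply tuple differs from the original source. It assumes the ip_conntrack module is loaded and exposes /proc/net/ip_conntrack in the format shown; `masq_entries` and `sample_conntrack` are hypothetical names, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: list source-NATed (masqueraded) flows from conntrack-style lines.
# Assumption: on a 2.4 gateway the live table is /proc/net/ip_conntrack, e.g.
#   masq_entries < /proc/net/ip_conntrack

masq_entries() {
    awk '
    $1 != "tcp" && $1 != "udp" { next }      # only protocols that carry ports
    {
        ns = nd = nsp = ndp = 0
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src")   src[++ns]  = kv[2]
            if (kv[1] == "dst")   dst[++nd]  = kv[2]
            if (kv[1] == "sport") sp[++nsp]  = kv[2]
            if (kv[1] == "dport") dp[++ndp]  = kv[2]
        }
        # 1st tuple = original direction, 2nd tuple = expected reply.
        # Under masquerading the reply is addressed to the gateway,
        # not to the internal host that opened the connection.
        if (ns == 2 && nd == 2 && dst[2] != src[1])
            printf "%s %s:%s -> %s:%s via %s:%s\n",
                   $1, src[1], sp[1], dst[1], dp[1], dst[2], dp[2]
    }'
}

# Constructed sample: two masqueraded flows, one connection opened by the
# gateway itself (not NATed), and one ICMP entry (skipped, no ports).
sample_conntrack() {
    cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=1034 dport=80 src=203.0.113.5 dst=198.51.100.7 sport=80 dport=1034 [ASSURED] use=1
udp      17 25 src=192.168.1.11 dst=203.0.113.53 sport=1029 dport=53 src=203.0.113.53 dst=198.51.100.7 sport=53 dport=1029 use=1
tcp      6 300 ESTABLISHED src=198.51.100.7 dst=203.0.113.9 sport=2200 dport=22 src=203.0.113.9 dst=198.51.100.7 sport=22 dport=2200 [ASSURED] use=1
icmp     1 20 src=192.168.1.10 dst=203.0.113.5 type=8 code=0 id=512 src=203.0.113.5 dst=198.51.100.7 type=0 code=0 id=512 use=1
EOF
}

sample_conntrack | masq_entries
```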


