[ale] Iptables packet mangling
Marc
marct at mindspring.com
Fri Jun 29 20:06:15 EDT 2001
Make sure you have all the modules loaded for NAT to work
#### Load netfilter modules
modprobe iptable_filter
modprobe iptable_nat
modprobe ip_conntrack
modprobe ipt_MASQUERADE
The command to activate NAT that should work for you is:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Check out the iptables and NAT howtos that live at
http://netfilter.samba.org
I think you'll find them under 'unoffical documentation'
or somesuch.
Good Luck,
--marct
marct at mindspring.com
On Fri, 29 Jun 2001, Bob Kruger wrote:
> I am looking for a good example to do some outgoing packet mangling for
> a small class C subnet that is routed through a Linux box prior to being
> sent to the Internet. Previously with ipchains I did this via
> masquerading. The "man iptables" recommends using SNAT if the outgoing
> IP address is stable (which, in my case, it is).
>
> Example:
>
> Six systems, on class C Subnet, 192.168.1.0/24
> Linux bridge/route, eth0 on 192.168.1.1
> Same Linux bridge, eth1 on 172.16.81.10.
>
> Traffic for the small subnet will go out through eth1 on the Linux box.
>
> I would like all outgoing packets to have a source address of
> 172.16.81.10 (e.g., a little masquerading) after leaving the Linux box.
>
> Packet forwarding is working fine, as is everything else. I just am not
> coming up with a good solution on packet mangling. Anyone have a good
> solution they are willing to share? IPTables seems robust and fast,
> albeit good documentation and examples are a little sparse at the
> present.
>
> Thanks in advance for any assistance.
>
> Regards - Bob Kruger
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list