Hi,

On Tue, 21 Jun 2005 21:22:35 +0600 "askar ..." <[EMAIL PROTECTED]> wrote:

> On 6/21/05, Kurt Guenther <[EMAIL PROTECTED]> wrote:
> >
> > As root do:
> >
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> >
> > where eth0 is your outward facing port to your router. I've used ppp0 with
> > a dial up connection, and that works too.
> >
> > --Kurt
> >
> Thanks, but I already have this script in my iptable rules.
> My router works for PC in LAN.

The rule mentioned by Kurt is not needed. In fact, you'd lose IP information on 192.168.0.2, which would see the packets coming from 192.168.0.1 if you issued that rule (you told it to masquerade). That would make web server logging rather complex ;-) and you'd need to do this stateful to have the correct target addresses written when the replies are sent (which would go to 192.168.0.1, initially).

Instead, only rewriting the target address is needed (if you don't have ill firewalls in your local LAN). But that rule is actually present.

So I suggest removing the above mentioned rule. Well, maybe it breaks all other kinds of stuff, too. I don't think Kurt really meant "-o eth0" here...

And by all means, get a tcpdump on ppp0 and eth0, the most relevant being eth0.

HWH
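The logging effect described in the reply above, as an added example that is not part of the original thread: a small Python model of the router's NAT path, comparing what 192.168.0.2 sees with and without `-o eth0 -j MASQUERADE`. The public address 198.51.100.1, the client 203.0.113.7 and port 80 are constructed assumptions, and port rewriting is left out of the model.

```python
from dataclasses import dataclass, replace

ROUTER_LAN = "192.168.0.1"    # router's eth0 address (from the thread)
WEB_SERVER = "192.168.0.2"    # web server in the LAN (from the thread)
ROUTER_WAN = "198.51.100.1"   # constructed public address on ppp0
CLIENT = "203.0.113.7"        # constructed Internet client

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

class Router:
    """Toy model of nat PREROUTING/POSTROUTING plus connection tracking."""
    def __init__(self, masquerade_on_eth0):
        self.masquerade_on_eth0 = masquerade_on_eth0
        self.conntrack = {}   # translated (src, dst) -> original (src, dst)

    def forward_inbound(self, pkt):
        """ppp0 -> eth0: rewrite the target, then optionally the source."""
        out = pkt
        if pkt.dst == ROUTER_WAN and pkt.dport == 80:
            out = replace(out, dst=WEB_SERVER)    # target rewrite (DNAT)
        if self.masquerade_on_eth0:
            out = replace(out, src=ROUTER_LAN)    # -o eth0 -j MASQUERADE
        self.conntrack[(out.src, out.dst)] = (pkt.src, pkt.dst)
        return out

    def forward_reply(self, src, dst):
        """eth0 -> ppp0: undo the translations using the stored state."""
        orig_src, orig_dst = self.conntrack[(dst, src)]
        return orig_dst, orig_src   # (source, destination) on the wire

def logged_client(masquerade_on_eth0):
    """Return (address the web server logs, reply as it leaves ppp0)."""
    router = Router(masquerade_on_eth0)
    seen = router.forward_inbound(Packet(CLIENT, ROUTER_WAN, 80))
    reply = router.forward_reply(src=seen.dst, dst=seen.src)
    return seen.src, reply

if __name__ == "__main__":
    for masq in (False, True):
        print("MASQUERADE on eth0:", masq, "->", logged_client(masq))
```

In both cases the reply reaches the client from the public address, but with the masquerade rule the server's access log records only 192.168.0.1, and the server's reply is first addressed to the router, which can deliver it only because of the tracked state.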

