On Thu, 5 Jul 2001 23:36:15 -0500
Jamin Collins <[EMAIL PROTECTED]> wrote:
> Yes, because by Masq'ing your network you are "forwarding" the packets from
> one network to another. As a by-product, you are altering their source
> address, but you are "forwarding" the packets nonetheless. Thus, you need
> a rule on the FORWARD chain to allow the traffic through. In your case it
> would be something like:
>
> $IPTABLES -t filter -P FORWARD DROP
> $IPTABLES -t filter -I FORWARD -s $INTERNAL_NET -j ACCEPT
Ok, that makes sense. I understand why a default policy of DROP would be best. Now,
if I add the above rules, and the forwarding policy accepts packets destined for my
internal network, are those packets dropped by the POSTROUTING chain in the nat table
since the default policy on that chain is DROP (unless of course the packets are a
result of ip-masqueraded packets that were outgoing earlier)? Just a reminder, the
only rule that I have in that chain is:

$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL_DEV -j MASQUERADE

Thanks for your help.
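
An added example, not part of the original message: a dry-run script for the rule set under discussion, with a connection-tracking rule for reply traffic. Replies to masqueraded connections are translated back by connection tracking before they reach the FORWARD chain, so with a DROP policy that chain needs its own rule to let them through. The network range, interface names and the `run` and `masq_rules` helpers are assumptions.

```shell
#!/bin/sh
# Added example: forwarding rules for a masquerading gateway.
# All values below are assumed for illustration, not taken from the post.
IPTABLES=${IPTABLES:-iptables}
INTERNAL_NET=${INTERNAL_NET:-192.168.1.0/24}   # constructed sample range
INTERNAL_DEV=${INTERNAL_DEV:-eth1}             # hypothetical inside interface
EXTERNAL_DEV=${EXTERNAL_DEV:-eth0}             # hypothetical outside interface
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands, 0 = run them (needs root)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

masq_rules() {
    # Default-deny for routed traffic. -P takes the chain, then the policy.
    run "$IPTABLES" -t filter -P FORWARD DROP

    # Replies to connections that internal hosts opened. By the time a
    # reply reaches FORWARD its destination is already the internal
    # address, so it is matched on connection state, not on source.
    run "$IPTABLES" -t filter -A FORWARD -i "$EXTERNAL_DEV" -o "$INTERNAL_DEV" \
        -d "$INTERNAL_NET" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Outbound traffic from the internal network.
    run "$IPTABLES" -t filter -A FORWARD -i "$INTERNAL_DEV" -o "$EXTERNAL_DEV" \
        -s "$INTERNAL_NET" -j ACCEPT

    # Rewrite the source address on the way out. The nat table is only
    # consulted for the first packet of each connection.
    run "$IPTABLES" -t nat -A POSTROUTING -o "$EXTERNAL_DEV" -j MASQUERADE
}

masq_rules
```

Run it as is to review the four commands, then with `DRY_RUN=0` as root to apply them.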