/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */

Hello all,
my linux pc lives on a small network with Internet server in it. We share
our internet with this serever. The problem is that I pay a lot for this
internet access and want to reduce this paying.
So I have 2 pcs and have made one of them linux server too. And with this
second server i split my internet access with somee other guys.
My question is:
Does the masquerading work in this case with such a rullset:

#rc.masq
#this is the iptables initialization script

IPTABLES=/usr/local/sbin/iptables
LAN="192.168.1.0/24"
ANY="0.0.0.0/0"

CREAM="52:54:05:C0:95:7D"
IVO="00:80:AD:90:3F:6A"
IVANOV="00:40:95:30:EE:4F"

echo "1" > /proc/sys/net/ipv4/ip_forward

$IPTABLES -F
$IPTABLES -t nat -F

#Enabling forwarding only on some MAC addresses
$IPTABLES -A FORWARD -s $LAN -d $ANY -m mac --mac-source $IVANOV -j ACCEPT
$IPTABLES -A FORWARD -s $LAN -d $ANY -m mac --mac-source $IVO -j ACCEPT
$IPTABLES -A FORWARD -s $LAN -d $ANY -m mac --mac-source $CREAM -j ACCEPT
$IPTABLES -A FORWARD -s $ANY -d $LAN -j ACCEPT

#Here is my question?
#Does this masquerading work fine. Does all the packets seem to be
#generated by my server and is there ANY TRAFFIC between the main server
#and my clients?
$IPTABLES -t nat -A POSTROUTING -s $LAN -j MASQUERADE

$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
$IPTABLES -t nat -P POSTROUTING DROP

#end of rc.masq

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.

Reply via email to