Fuzzy Fox <[EMAIL PROTECTED]> wrote:
>
> I'm using DNAT to tunnel SSH connections through my iptables firewall,
> and it works, but I noticed something today. From my internal server's
> point of view, all incoming connections appear to be originating from my
> firewall. That is, the remote IP cannot be determined at all.

I have determined the source of this problem. It was due to this rule:

    iptables -t nat -A POSTROUTING -j SNAT --to $EXTERNAL_IP

This causes SNAT behavior in *both* directions. What I really want is
SNAT behavior to occur only on outbound interfaces. So I replaced it
with this:

    for interface in $EXTERNAL_IF
    do
        iptables -t nat -A POSTROUTING \
            -o $interface -j SNAT --to $EXTERNAL_IP
    done

That's this mystery solved. :)

--
[EMAIL PROTECTED] (Fuzzy Fox) || "Good judgment comes from experience.
sometimes known as David DeSimone || Experience comes from bad judgment."
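
An added example, not part of the original post: a shell check that reads iptables-save output and reports nat POSTROUTING rules doing source NAT without an -o match, the condition described above that made DNAT'd connections appear to come from the firewall. The function names, the sample ruleset, and its addresses and interface names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag POSTROUTING source-NAT rules that have no -o match.
# Reads `iptables-save` text on stdin and prints each offending rule.
find_unscoped_snat() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table marker: "*nat", "*filter"
        table != "nat" { next }                 # only the nat table matters here
        $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            snat = 0; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && ($(i+1) == "SNAT" || $(i+1) == "MASQUERADE"))
                    snat = 1
                if ($i == "-o" || $i == "--out-interface")
                    scoped = 1
            }
            # Source NAT on every interface also rewrites inbound DNAT traffic.
            if (snat && !scoped) print
        }
    '
}

# Constructed sample ruleset (addresses and interface names are placeholders).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.0.5:22
-A POSTROUTING -j SNAT --to-source 192.0.2.1
-A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.1
COMMIT
EOF
}

# Stand-alone run: prints the one unscoped rule from the sample.
sample_rules | find_unscoped_snat
```

On a live firewall the input would come from `iptables-save` run as root. The check only looks for an -o match, so a rule limited some other way (for example by source address) is still reported and needs a manual look.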