--On Wednesday, July 10, 2002 15:22:33 +0100 Antony Stone
<[EMAIL PROTECTED]> wrote:
>
> This one looks a bit odd to me, even though I've written it myself, but I
> think it should do the trick:
>
> $IPTABLES -t nat -A POSTROUTING -o $INTIF -i $INTIF -j MASQUERADE
"-i" can't be used in the POSTROUTING hook. Example:
[root@gateway root]# iptables -t nat -A POSTROUTING -i eth3 -o eth4 -j
MASQUERADE
iptables v1.2.6a: Can't use -i with POSTROUTING
Try `iptables -h' or 'iptables --help' for more information.
[root@gateway root]#
>
> If it doesn't, then just use the standard version:
>
> $IPTABLES -t nat -A POSTROUTING -o $INTIF -s a.b.c.d/n -j MASQUERADE
>
> where a.b.c.d/n is your internal network range.
That's better -- since the internal interface usually has a static address,
the following is preferable:
$IPTABLES -t nat -A POSTROUTING -o $INTIF -s a.b.c.d/n -j SNAT --to-source
$INTIP
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ [EMAIL PROTECTED]
