Yes, masquerading is certainly possible. I am doing it like this: IFWWW="my interface pointing to the internet eg. eth0" IPWWW="my fixed IP address of this interface pointing to the Internet eg. 203.168.75.2"
iptables -t nat -A POSTROUTING -o $IFWWW -j SNAT --to $IPWWW Or this will work also, if you do not have a fixed IP: IFWWW="my interface pointing to the internet eg. eth0" iptables -t nat -A POSTROUTING -o $IFWWW -j MASQUERADE Regards Bernhard -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Andy Eager Sent: Tuesday, 5 March 2002 15:58 To: [EMAIL PROTECTED] Subject: Re: [SLUG] How this for a simple recommendation for IP-Tables firewalling and ICS Certainly pretty good as far as a basic explanation goes, problem is that masquerading is not yet up to the level of ipchains and thats what most people want. (One IP address, masqueraded to many machines for use with ftp, realaudio etc). I still reckon that ipchains with a 2.2 kernel is still the simplest and most generally accepted way to do firewalling if you want particular services masqueraded. Christopher Booth wrote: >http://www.linuxnewbie.org/nhf/intel/security/iptables_basics.html > >Any major flaws in this, anything important missed ? > >Is it worthwhile for recommending to somebody ? > >Chris > -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
