Militantly FREE software support.
Militantly FREE software support.
NavigationUser loginWho's onlineThere are currently 0 users and 37 guests online.
Highest Users
Linux NewsClick the above for your daily dose of Linux news. Food for ThoughtHow come wrong numbers are never busy? Spam?See spam posts on this site? If so, please don't reply to the spam! Instead, just report the URL to the webmaster. |
iptables masqueradingJim Popovitch wrote: Just in case: did you check that forwarding is activated in Thomas -- Bookmark/Search this post with: 
|
• Debian Weekly News - Essential reading for any Debian fan. • Documentation - Debian's own authoritative documentation, including installation docs. • FAQ - Got questions about Debian GNU/Linux? • From Windows to Debian - Tips for converting from Windows to Debian GNU/Linux • Package of the Day. • Security - Security information and alerts! • Bug System - Bug tracking and instructions on reporting bugs. • CD Images - Where/how to get Debian GNU/Linux CD images. • Mailing List Subscription - Dozens of Debian-specific support mailing lists! • Mailing List Archives - Searchable archives of Debian's mailing lists. • Free Software Guidelines - Learn Debian's idea of what "free" software really is. • Package Listings - A very valuable tool: searchable, integrated with bug reports. • Apt-Get Sources - Sources for *.debs which are not official Debian packages. • Backports - Unofficial new software packages that have been "back-ported" to work with the Debian stable/official release. • Developer's Corner - Info about the people behind Debian, policies, and how to package *.deb files.
iptables masquerading
Dnia Sun, 3 Feb 2008 21:37:52 -0800
"Jim Popovitch" napisał(a):
> iptables -t nat -A POSTROUTING -s 192.168.1.0 -o eth0 -j MASQUERADE;
You don't need to place here netmask ?
--
Damian Ryszka aka Rychu
rychu(at)sileman.net.pl
iptables masquerading
This one time, at band camp, Jim Popovitch said:
> (my fav linux list is missing in action... so I'm trying here)
>
> What am I doing wrong.... :-)
>
> ifconfig tap0 192.168.1.1 netmask 255.255.255.0 up
> iptables -A FORWARD -i eth0 -o tap0 -m state --state ESTABLISHED,RELATED -j ACCEPT;
Reply traffic is forwarded from eth0 to tap0.
> iptables -A FORWARD -i tap0 -o eth0 -j ACCEPT;
Inbound traffic on tap0 is accepted if it exits eth0.
> iptables -t nat -A POSTROUTING -s 192.168.1.0 -o eth0 -j MASQUERADE;
And traffic out eth0 is NAT'ted (wrongly - note the missing netmask)
So, I'm assuming that your network is something like:
---------- ----------- ------------
| LAN | | Router | | VPN LAN |
---------- ----------- ------------
\eth0/ \tap0/
and you want to route traffic from LAN to VPN LAN.
You need to accept traffic coming in eth0 and exiting tap0. You
currently only accept reply traffic.
You'll need to accept at least reply traffic coming in tap0 and exiting
eth0. You currently accept all traffic, so this works.
You'll find it easier to NAT traffic going out tap0 (SNAT instead of
DNAT).
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------