At 11:19 02/06/2000 +0200, Wolfgang Wegner wrote:
>Hello there,
>just a little question for the networking fraction, i hope:
>In the documentation of ipmasqadm and ipchains, i did not find any
>support for NAT.
I presume you know about the input, output and forward chain of ipchains?
You can set the default forward policy to masquerade, and thus enable NAT,
like this:
#Set default forward policy to masquerade
ipchains -P forward MASQ
However, you may want to be a bit more restrictive, and put something like
this:
#Masquerade all outgoing traffic within the correct range, deny rest.
ipchains -A forward -i eth0 -s 10.0.1.0/24 -j MASQ
ipchains -A forward -j DENY -l
The above 2 lines assume that eth0 is the EXTERNAL (i.e., internet)
interface (it is slightly confusing, for the forward chain, the interface
you specify is the destination interface). This will masquerade anything
with a source address in the range 10.0.1.0/24, headed for interface eth0.
All other traffic that wants to be forwarded is simply denied.
>www.rustcorp.com, which seemed to me as an important (and for 2.2.x,
>the only?) source for NAT resources, is not available. :-(
It is a basic resource for NAT and ipchains.
>So, is there anyone out there who can tell me where to look for the
>missing bits?
Hope this helps,
Ward.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:14 EST