From: Janos Makadi
Subject: masquerade
Date: Wed, 13 Oct 2004 18:41:52 +0200
Message-ID: <416D5AD0.6040405@freemail.hu>
To: netfilter@lists.netfilter.org

Hi,

I'm an absolute newbie to netfilter, but last year I set up my Debian firewall. I thought its configuration was correct, but yesterday I found http://audiymypc.com which shows my real IP address, which I wanted to hide. It shows the correct address too, but it seems my real local address is visible on the internet somehow.

This is my configuration:

# Generated by iptables-save v1.2.8 on Thu Nov 27 22:19:07 2003
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Thu Nov 27 22:19:07 2003
# Generated by iptables-save v1.2.8 on Thu Nov 27 22:19:07 2003
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:block - [0:0]
[0:0] -A INPUT -j block
[0:0] -A FORWARD -j block
[0:0] -A block -i eth1 -p TCP -m state --state NEW -j ULOG --ulog-nlgroup 1 --ulog-prefix "Dropped TCP packet:"
[0:0] -A block -i eth1 -p ICMP -m state --state NEW,RELATED -j ULOG --ulog-nlgroup 1 --ulog-prefix "Dropped ICMP packet:"
[0:0] -A block -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A block -i ! eth1 -m state --state NEW -j ACCEPT
[0:0] -A block -j DROP
COMMIT
# Completed on Thu Nov 27 22:19:07 2003

What did I do wrong?

THX

kernel is vanilla 2.4.25-rc2
iptables is 1.2.9
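
An added example, not part of the original message: a minimal first-match walk of the posted filter rules, showing which verdict and which ULOG entries a packet gets. It models only the matches this ruleset uses (-i, -p, --state) and leaves the nat table out; the function names and the packets passed in are constructed for illustration.

```python
import shlex
# Filter-table rules copied from the message ("[0:0]" counters stripped).
RULES = '''\
-A INPUT -j block
-A FORWARD -j block
-A block -i eth1 -p TCP -m state --state NEW -j ULOG --ulog-nlgroup 1 --ulog-prefix "Dropped TCP packet:"
-A block -i eth1 -p ICMP -m state --state NEW,RELATED -j ULOG --ulog-nlgroup 1 --ulog-prefix "Dropped ICMP packet:"
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block -i ! eth1 -m state --state NEW -j ACCEPT
-A block -j DROP
'''
POLICY = {"INPUT": "ACCEPT", "FORWARD": "ACCEPT"}  # built-in chain policies

def parse(text):
    # Turn iptables-save "-A" lines into {chain: [rule dicts]}.
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        rule, i = {"neg": False}, 2
        while i < len(tok):  # every option in this ruleset takes one argument
            opt, i = tok[i], i + 1
            if opt == "-i" and tok[i] == "!":  # old-style "-i ! eth1" negation
                rule["neg"], i = True, i + 1
            rule[opt] = tok[i]
            i += 1
        chains.setdefault(tok[1], []).append(rule)
    return chains

def walk(chains, chain, pkt, log):
    for r in chains[chain]:
        if "-i" in r and (pkt["iface"] == r["-i"]) == r["neg"]:
            continue
        if "-p" in r and pkt["proto"] != r["-p"].lower():
            continue
        if "--state" in r and pkt["state"] not in r["--state"].split(","):
            continue
        target = r["-j"]
        if target == "ULOG":  # non-terminating: record and keep matching
            log.append(r["--ulog-prefix"])
        elif target in ("ACCEPT", "DROP"):
            return target
        else:  # jump into a user-defined chain
            v = walk(chains, target, pkt, log)
            if v:
                return v
    return POLICY.get(chain)  # None for user chains: fall back to the caller

def evaluate(chain, iface, proto, state):
    log = []
    return walk(parse(RULES), chain, {"iface": iface, "proto": proto, "state": state}, log), log
```

evaluate("INPUT", "eth1", "icmp", "RELATED") returns ACCEPT together with a "Dropped ICMP packet:" log entry, so that prefix also labels RELATED ICMP that the next rule accepts.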