----- Original Message -----From: hclfm@pricol.co.inTo: Rob SterenborgSent: Wednesday, March 10, 2004 6:13 AMSubject: RE: Did MASQUERADE not work ?> Iptables script is the same as when it worked.
> MASQ line is:
> iptables -t nat -A POSTROUTING -s 192.168.250.0/24 -d
> $internet -j MASQUERADEHi ,
You have missed the outgoing interface "-o" option ( Internet Interface )
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.250.0/24 -d
$internet -j MASQUERADEmust work.
regards,
U.SivaKumar,
Networking & E-Security,
HCL INFOSYSTEMS LIMITED,
"The Purpose of Computing is Insight, Not Numbers"
"Rob Sterenborg" <rob@sterenborg.info>
Sent by: netfilter-admin@lists.netfilter.org
03/10/2004 08:52 AM CET
To: "'Kevork'" <rxlm@comintec.com.ar>, <netfilter@lists.netfilter.org>
cc:
bcc:
Subject: RE: Did MASQUERADE not work ?> Iptables script is the same as when it worked.
=
> MASQ line is:
> iptables -t nat -A POSTROUTING -s 192.168.250.0/24 -d
> $internet -j MASQUERADE
What is "-d $internet" ?
If $internet is 0.0.0.0 (as it should be) then you don't need to specify it
as this is assumed.
Did you try SNAT :
iptables -t nat -A POSTROUTING -o <if_inet> \
-s 192.168.250.0/24 -j SNAT --to-source <ip_inet>
Do you have a FORWARD rule in place that allows MASQ/SNAT, or do you have
FORWARD policy set to ACCEPT (which you should not do) ?
Do you have "echo 1 > /proc/sys/net/ipv4/ip_forward" ?
Gr,
Rob