* Re[2]: Where libipt_MASQ.so (???)
@ 2003-08-04 17:57 Jesús García Crespo (aka Sevein)
2003-08-04 18:08 ` Ralf Spenneberg
2003-08-04 18:16 ` Cedric Blancher
0 siblings, 2 replies; 3+ messages in thread
From: Jesús García Crespo (aka Sevein) @ 2003-08-04 17:57 UTC (permalink / raw)
To: netfilter
Hola flaq,
Monday, August 4, 2003 7:38:47 PM, you wrote:
f> Try -j MASQUERADE
iptables: Invalid argument
:( :( :( :(
--
Jesús García Crespo (aka Sevein)
http://www.sevein.com
correo@sevein.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Re[2]: Where libipt_MASQ.so (???)
2003-08-04 17:57 Re[2]: Where libipt_MASQ.so (???) Jesús García Crespo (aka Sevein)
@ 2003-08-04 18:08 ` Ralf Spenneberg
2003-08-04 18:16 ` Cedric Blancher
1 sibling, 0 replies; 3+ messages in thread
From: Ralf Spenneberg @ 2003-08-04 18:08 UTC (permalink / raw)
To: Jesús García Crespo (aka Sevein); +Cc: Netfilter
Am Mon, 2003-08-04 um 19.57 schrieb Jesús García Crespo (aka Sevein):
> Hola flaq,
>
> Monday, August 4, 2003 7:38:47 PM, you wrote:
>
> f> Try -j MASQUERADE
>
> iptables: Invalid argument
>
Could you post the whole line you used or try:
iptables -t nat -A POSTROUTING -j MASQUERADE
Masquerading is done in the POSTROUTING chain of the nat table!
Cheers,
Ralf
--
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Re[2]: Where libipt_MASQ.so (???)
2003-08-04 17:57 Re[2]: Where libipt_MASQ.so (???) Jesús García Crespo (aka Sevein)
2003-08-04 18:08 ` Ralf Spenneberg
@ 2003-08-04 18:16 ` Cedric Blancher
1 sibling, 0 replies; 3+ messages in thread
From: Cedric Blancher @ 2003-08-04 18:16 UTC (permalink / raw)
To: Jesús García Crespo (aka Sevein); +Cc: netfilter
Le lun 04/08/2003 à 19:57, Jesús García Crespo (aka Sevein) a écrit :
> Monday, August 4, 2003 7:38:47 PM, you wrote:
> f> Try -j MASQUERADE
> iptables: Invalid argument
You really should have a look at the doc...
> iptables -A FORWARD --match mac --mac-source 00:c0:49:c9:d3:f1 -j MASQ
This is wrong. MASQUERADING occurs in nat table, POSTROUTING chain :
iptables -t nat -A POSTROUTING [...] -j MASQUERADE
Moreover, in POSTROUTING chain, source MAC address is not available
anymore. So you can't match it. If you really want to use source MAC as
a criteria, you will have to mark packets in mangle table PREROUTING
chain, then match this mark in your masquerading rule :
iptables -t mangle -A PREROUTING -m mac --mac-source \
00:c0:49:c9:d3:f1 -j MARK --set-mark 0x1
iptables -t nat -A POSTROUTING -m mark --mark 0x1 \
-j MASQUERADE
Hope that'll help you achieve your goal.
--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-08-04 18:16 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-08-04 17:57 Re[2]: Where libipt_MASQ.so (???) Jesús García Crespo (aka Sevein)
2003-08-04 18:08 ` Ralf Spenneberg
2003-08-04 18:16 ` Cedric Blancher
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox