Re: IPTables help

From: Migrating Coconut (
Date: 12/08/02

From: "Migrating Coconut" <>
Date: Sun, 08 Dec 2002 21:49:30 GMT



"Sleepy" <> wrote in message
> The OUTPUT chain is for packets going out from the machine running as
> firewall.
> POSTROUTING is for packets that need to be massaged before they are sent
> out.
> I belive what yu asking is, the DNAT rules go where?
> in my setup, 4 machines behind the firewall box , I have
> #iptables -t nat -A POSTROUTING -o $EXT -j MASQUERADE
> I hope this helpes. dont forget the state i.e
> iptables -A FORWARD -i $INT -o EXT -m state --state
> Migrating Coconut wrote:
> > I'm starting to work out the rule sets for a Linux IPTables firewall
> > for
> > my home network. I'll be using IP masquerading to give the internal
> > machines internet access. I have the basic rules down, but the
> > part confuses me a little. If I'm doing a DNAT rule, do I put the rule
> > the POSTROUTING or OUTPUT chain? I have info on how to build the rules,
> > but I can't find any on where to put them and how the tables relate to
> > each
> > other. Any information you could provide would be wonderful. Thanks in
> > advance,
> >
> > mc
> --
> ".. and God said let be a command line, and there be a command line.After
> God made the command line He liked the the shell prompt. and wanted to
> some notes and God said let there be an editor, and there be "vi" "

Relevant Pages

  • Re: IPTables help
    ... POSTROUTING is for packets that need to be massaged before they are sent ... in my setup, 4 machines behind the firewall box, I have ... > machines internet access. ...
  • Re: [opensuse] Getting SSH to Work
    ... opened port 22 for ssh in the firewall. ... That doesn't mean the packets aren't being dropped when coming from this particular machine. ... I could demonstrate selective packet dropping with iptables and a few test machines, but you get the point, right? ...
  • RE: unusual outbound traffic
    ... This is an old version of kerio firewall but it is ok to monitor this ... We have been seeing an increasing amount of unusual network activity trying ... The activity began 2004-08-10 with 4 machines trying to send packets out at ...
  • Re: 2.6.9 tcp problems
    ... packets because of a duplex mismatch. ... and do so on the other firewall. ... All 2.4.x machines and windows ... send the line "unsubscribe linux-kernel" in ...
  • Re: Norton 2005 Int Security, Trend PCcillin or Zone Alarm ???????
    ... > I want security I can run on both machines. ... System overhead is higher than standard firewall applications. ... Symantec products do not remove (uninstall) well. ... Micro Trends PC-Cillan is very good (possibly the best in home network ...