Re: iptables masquerading

From: Jim Popovitch <yahoo(at)jimpop.com>
Date: Mon Feb 04 2008 - 09:28:32 EST


On Feb 4, 2008 4:09 AM, Stephen Gran <sgran@debian.org> wrote:
> And traffic out eth0 is NAT'ted (wrongly - note the missing netmask)

Ahhh...that was an email typo, I was using a /24.

> So, I'm assuming that your network is something like:
>
> ----------      -----------      ------------
> |  LAN   |      | Router  |      | VPN LAN  |
> ----------      -----------      ------------
>           \eth0/           \tap0/
>
> and you want to route traffic from LAN to VPN LAN.
>
> You need to accept traffic coming in eth0 and exiting tap0. You
> currently only accept reply traffic.

Which is fine, this is for outbound traffic from firewall'ed and vpn'ed clients.

> You'll find it easier to NAT traffic going out tap0 (SNAT instead of
> DNAT).

I switched to SNAT (instead of MASQUERADE) and was able to get this to work.

Thanks all,

-Jim P.

Received on Mon Feb 4 09:29:03 2008

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:52:45 EDT
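
The setup discussed in this thread (accept LAN traffic entering eth0 and leaving tap0, accept the replies, SNAT what goes out tap0, and always give the source network a netmask), written out as an added example that is not from the original posts. The function name `gen_rules`, the DROP default policy and all addresses are assumptions made for illustration; the output is in iptables-restore format.

```shell
#!/bin/sh
# Added illustration. Interface names eth0/tap0 come from the thread;
# gen_rules and every address below are hypothetical.

# Print an iptables-restore ruleset that forwards LAN traffic into the VPN
# and source-NATs it as it leaves the VPN interface.
gen_rules() {
    lan_if=$1
    vpn_if=$2
    lan_net=$3
    snat_ip=$4

    # iptables matches a source given without a /prefix as a single host (/32),
    # so refuse it rather than silently NATing one address only.
    case $lan_net in
        */*) ;;
        *) echo "error: $lan_net has no netmask" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $lan_if -o $vpn_if -s $lan_net -j ACCEPT
-A FORWARD -i $vpn_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $vpn_if -s $lan_net -j SNAT --to-source $snat_ip
COMMIT
EOF
}

# Constructed sample values (private RFC 1918 addresses).
gen_rules eth0 tap0 192.168.1.0/24 10.8.0.2
```

The first FORWARD rule admits new connections from the LAN towards the VPN; the second admits only reply traffic in the other direction.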
