Quote:
Originally Posted by hdinn
"or when I put the rule in the FORWARD chain it will be automatically done."
You normally define some condition with the -s option of iptables. So to have all the IPs in the 192.168.0.0/24 range masqueraded you would do:
Code:
iptables -A PREROUTING -s 192.168.0.0/24 -j MASQUERADE
If you leave out the source option, all the packets that arrive would match this rule.
I think what you are looking for is the -i option. This can be used to tell iptables to match on a certain incoming interface.
Example for eth0 as interface to local network
Code:
iptables -A PREROUTING -i eth0 -s 192.168.0.0/24 -j MASQUERADE
This would cause all the packets which match the IP(s) and the incoming interface to be masqueraded and forwarded to the internet. To match on the outgoing interface use -o.
So how or where something is routed depends on the rules and the corresponding matches you set up.
*Sidenote*
I guess that if you would just do a
Code:
iptables -A PREROUTING -j MASQUERADE
all packets coming into the machine would be masqueraded.
Quote:
Originally Posted by hdinn
"because as I read in documents when a packet arrives not destined to the card A(IN) it will be routed, but routed where?? So I have to mention the out IP address"
Totally right on that one. You can use the -o option to tell where you want the packets to leave the machine.
I just read up on the tutorial link I gave you. It's neither clear nor suited to your needs (I just used the first link that came up from Google). Here is a better one which just describes how to set up a Linux gateway to connect your local network to the world wide web.
http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html
Taken from netfilter.org
Take a look at the link below to get some more insight into iptables and a bit of networking with Linux.
http://www.netfilter.org/documentati...umentation-faq
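A working form of the gateway setup discussed in this thread, as an added example that is not part of the original posts: iptables accepts the MASQUERADE target only in the nat table's POSTROUTING chain, where the interface match is -o (outgoing), not -i. The function name gateway_ruleset, the interfaces eth0 (local network) and eth1 (internet side) and the LAN range are assumptions; the function only prints an iptables-restore ruleset so it can be reviewed before loading.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed names: eth0 = local network, eth1 = internet side.

# Print an iptables-restore ruleset for a masquerading gateway.
# usage: gateway_ruleset LAN_IF WAN_IF LAN_NET
gateway_ruleset() {
    lan_if=$1 wan_if=$2 lan_net=$3

    # Reject arguments containing characters that do not belong in an
    # interface name or an IPv4 CIDR, so nothing can smuggle in rule options.
    for ifname in "$lan_if" "$wan_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    case $lan_net in
        ''|*[!0-9./]*|*/*/*) echo "bad network: $lan_net" >&2; return 1 ;;
        */*) ;;
        *) echo "network needs a /prefix: $lan_net" >&2; return 1 ;;
    esac
    [ "$lan_if" != "$wan_if" ] || { echo "LAN and WAN interface are the same" >&2; return 1; }

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Rewrite the source address of LAN traffic as it leaves on the WAN side.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
# LAN to internet: connections opened from the LAN range.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
# Internet to LAN: replies only; unsolicited traffic hits the DROP policy.
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Apply as root after reviewing the output (forwarding must be enabled too):
#   sysctl -w net.ipv4.ip_forward=1
#   gateway_ruleset eth0 eth1 192.168.0.0/24 | iptables-restore --test
#   gateway_ruleset eth0 eth1 192.168.0.0/24 | iptables-restore
```

Without --noflush, iptables-restore replaces the existing contents of the nat and filter tables, so merge any rules you already depend on before loading.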