Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I'm running CentOS 6.3, which acts as gateway and firewall. I configured NAT on it for remote desktops and a Jabber server so they can be accessed from outside, and that works perfectly.
The problem was that if I remove MASQUERADE then NAT is not working, and if I set MASQUERADE to ACCEPT, anyone can configure the server IP as their gateway and use the internet, isn't it?
Please help me get NAT working without enabling MASQUERADE.
You don't provide enough information to give you a detailed answer. Masquerade is a form of NAT: it automatically translates traffic from one range to another and handles the return traffic. For example, a common use of masquerade is sharing your wired internet (default gateway) connection with wireless devices. You can configure your wired range to use, for example, 192.168.x.x and your wireless to use 10.10.y.y, and set the wireless IP address as the gateway for wireless devices. The use of masquerade will then automatically translate addresses on the wireless 10. range to 192.168 addresses and vice versa.
When you say you want to use NAT without masquerade, you need to develop rules to allow your traffic and the return traffic. If you are having problems with your NAT rules, I would suggest posting your rules along with a description of exactly what you're trying to accomplish.
Also, in case you haven't already, it is usually necessary to set IP forwarding to 1 in order to allow traffic to bridge the ranges.
Thanks for your reply; sorry I couldn't give you more information. Here are my rules. NAT works for RDP and Jabber, but at the same time MASQUERADE is enabled, so any user in the LAN who is good enough to configure this firewall's IP as his gateway can use the internet and do as he wishes. If I disable MASQUERADE, I'm unable to connect to RDP from the internet, which means NAT doesn't work.
# Generated by iptables-save v1.4.7 on Wed Aug 21 18:20:01 2013
# The "*nat" table header and the PREROUTING/POSTROUTING chain lines were cut
# off at the top of the paste; they are restored here with zero counters so the
# file loads with iptables-restore. The rules themselves are exactly as posted.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [38:2437]
# No -i restriction: TCP to these ports is rewritten whichever interface it arrives on
-A PREROUTING -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.80.110:3389
-A PREROUTING -p tcp -m tcp --dport 5222 -j DNAT --to-destination 192.168.80.3:5222
-A PREROUTING -p tcp -m tcp --dport 10 -j DNAT --to-destination 192.168.80.10:3389
# No -o or -s restriction: everything the box forwards, in any direction, is masqueraded
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Wed Aug 21 18:20:01 2013
# Generated by iptables-save v1.4.7 on Wed Aug 21 18:20:01 2013
*filter
:INPUT ACCEPT [6876:2273997]
# FORWARD defaults to ACCEPT with no rules: any host that routes via this box is forwarded
:FORWARD ACCEPT [13640:20222679]
:OUTPUT ACCEPT [5527:8428949]
COMMIT
# Completed on Wed Aug 21 18:20:01 2013
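The reply above explains what masquerade does and that forwarding has to be switched on; the posted rules show why anyone on the LAN can ride the box: `-A POSTROUTING -j MASQUERADE` carries no `-o` restriction, and the filter table's FORWARD chain has an ACCEPT policy with no rules, so whatever gets forwarded is also source-rewritten. The script below is an added example, not code from the thread or from either poster. It keeps the three port forwards exactly as posted but rewrites only packets arriving on the internet interface, sets the FORWARD policy to DROP, admits only the DNATed connections plus reply traffic, and masquerades only an explicit allowlist of LAN hosts, and only towards the WAN. The interface names eth0 (internet) and eth1 (LAN), the 192.168.80.0/24 prefix and the assumption that the forwarded hosts use this box as their default gateway are not stated in the thread; adjust them before loading.

```shell
#!/bin/sh
# Added example (not from the original post): port-forward the poster's three
# services while refusing to forward anything else, so a LAN host that points
# its default gateway at this box gets no internet access through it.
# Assumed, not taken from the thread: eth0 faces the internet, eth1 faces the
# LAN, the LAN is 192.168.80.0/24, and the forwarded hosts route via this box.
set -eu

WAN="${WAN:-eth0}"                      # assumed internet-facing interface
LAN="${LAN:-eth1}"                      # assumed LAN-facing interface
LAN_NET="${LAN_NET:-192.168.80.0/24}"   # assumed LAN prefix (from the DNAT targets)
# LAN hosts allowed to reach the internet through the gateway. Empty = nobody.
ALLOW_OUT="${ALLOW_OUT:-}"
IPT="${IPT:-iptables}"                  # IPT=echo prints the rules instead of loading them

# The poster's forwards as "wan_port:lan_host:lan_port", unchanged.
FORWARDS="110:192.168.80.110:3389 5222:192.168.80.3:5222 10:192.168.80.10:3389"

apply_rules() {
    # Empty the nat table and start FORWARD from a deny-by-default policy.
    $IPT -t nat -F
    $IPT -F FORWARD
    $IPT -P FORWARD DROP

    # Replies and related packets of already-accepted connections. This is what
    # carries the DNATed server's answers back out; conntrack reverses the DNAT,
    # no MASQUERADE is involved as long as the server routes back via this box.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    for fwd in $FORWARDS; do
        wport=${fwd%%:*}
        rest=${fwd#*:}
        host=${rest%%:*}
        lport=${rest#*:}
        # Rewrite only packets that arrive from the internet (-i $WAN); LAN
        # traffic to the same ports is left alone.
        $IPT -t nat -A PREROUTING -i "$WAN" -p tcp --dport "$wport" \
            -j DNAT --to-destination "$host:$lport"
        # Let exactly that DNATed connection cross from WAN to the LAN host.
        $IPT -A FORWARD -i "$WAN" -o "$LAN" -p tcp -d "$host" --dport "$lport" \
            -m conntrack --ctstate NEW -j ACCEPT
    done

    # Outbound internet only for listed hosts, masqueraded on the WAN side
    # only. Any other LAN host using this box as its gateway hits FORWARD DROP.
    for src in $ALLOW_OUT; do
        $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$src" -j ACCEPT
        $IPT -t nat -A POSTROUTING -o "$WAN" -s "$src" -j MASQUERADE
    done
}

# Loads the rules only when called as "sh nat.sh apply" (as root); with
# IPT=echo the rules are printed for review instead.
if [ "${1:-}" = "apply" ]; then
    sysctl -w net.ipv4.ip_forward=1   # forwarding must be on, as the reply notes
    apply_rules
fi
```

Run `IPT=echo sh nat.sh apply` first to read the generated rules, then `sh nat.sh apply` as root and check with `iptables -t nat -L -n -v` and `iptables -L FORWARD -n -v`. If removing MASQUERADE broke the forwards on the original box, one common cause is that the internal hosts' default gateway is not this machine: their replies never came back through it for conntrack to un-DNAT, and the catch-all MASQUERADE hid that by rewriting the source of the forwarded packets to the gateway's LAN address. Checking `ip route` on 192.168.80.110 before changing the nat table will tell you whether that is the case.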