LinuxQuestions.org


Chris E 12-28-2012 11:03 AM

Masquerading with iptables
 
Hi Guys

I'm studying for an upcoming exam and just can't get my head around Masquerading with iptables.

Picture this scenario: I have a laptop connected to the internet via a wireless router. On the laptop I have a couple of KVM Virtual Machines, each on a separate private /24 subnet. If I enable IP forwarding in sysctl and add a static routing entry, both VMs can access the internet just fine. There are no iptables rules in place.

So why would I want to use the masquerading option? Even if I did set the iptables default policy to DROP on the forward chain, I can just add a rule to accept traffic over the interfaces.

I'm obviously missing something really stupid here but just can't get my head around it.

Is masquerading just a way of doing routing with iptables rules instead of creating a static route? Everything I've read makes it look like I have the results of masquerading already yet my iptables config is blank!

Thanks

Ser Olmy 12-28-2012 12:01 PM

Masquerading = NAT Overloading (you may want to Google that). It has very little to do with routing, other than the fact that it takes place on a system acting as a router.

And yes, I agree that you seem to have a working NAT setup, even though you haven't created any iptables rules. Perhaps some KVM script adds the required rules automatically? Does iptables -t nat -L POSTROUTING show an empty POSTROUTING chain?

Chris E 12-28-2012 01:26 PM

Thanks for the reply, I knew it was something stupid!

When looking at iptables -L (input/output/forward) there were no rules, but even if I did an iptables -F the rules were still in the NAT table!
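
Added example (not part of either poster's messages): iptables -L and iptables -F act only on the filter table unless -t is given, which is why the NAT rules went unnoticed. The script below counts rules per table from iptables-save output and lists the source-rewriting rules in the nat table; the ruleset, the subnet and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of iptables-save output (not taken from the thread):
# an empty filter table next to a nat table holding one MASQUERADE rule
# for a hypothetical VM subnet 192.168.122.0/24.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Read iptables-save text on stdin; print "<table> <rule count>" per table,
# in the order the tables appear.
rules_per_table() {
    awk '/^\*/  { t = substr($0, 2); n[t] += 0; order[++k] = t }
         /^-A / { n[t]++ }
         END    { for (i = 1; i <= k; i++) print order[i], n[order[i]] }'
}

# Read iptables-save text on stdin; print the nat-table rules that rewrite
# the source address (MASQUERADE or SNAT). A plain "iptables -L" never
# shows these because it lists the filter table only.
nat_source_rewrites() {
    awk '/^\*/ { t = substr($0, 2) }
         t == "nat" && /^-A / && / -j (MASQUERADE|SNAT)( |$)/ { print }'
}

# On a live system (as root) feed real data instead of the sample:
#   iptables-save | rules_per_table
sample_ruleset | rules_per_table
sample_ruleset | nat_source_rewrites
```

A filter count of 0 next to a non-zero nat count is the situation described in the thread: forwarding appears to work with "no rules" because the address translation lives in a table the default listing does not show.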


All times are GMT -5.