Masquerading with iptables
Hi Guys
I'm studying for an upcoming exam and just can't get my head around masquerading with iptables. Picture this scenario: I have a laptop connected to the internet via a wireless router. On the laptop I have a couple of KVM virtual machines, each on a separate private /24 subnet. If I enable IP forwarding in sysctl and add a static routing entry, both VMs can access the internet just fine. There are no iptables rules in place. So why would I want to use the masquerading option? Even if I did set the iptables default policy to DROP on the FORWARD chain, I can just add a rule to accept traffic over the interfaces. I'm obviously missing something really stupid here but just can't get my head around it. Is masquerading just a way of doing routing with iptables rules instead of creating a static route? Everything I've read makes it look like I have the results of masquerading already, yet my iptables config is blank! Thanks
Masquerading = NAT Overloading (you may want to Google that). It has very little to do with routing, other than the fact that it takes place on a system acting as a router.
And yes, I agree that you seem to have a working NAT setup, even though you haven't created any iptables rules. Perhaps some KVM script adds the required rules automatically? Does iptables -t nat -L POSTROUTING show an empty POSTROUTING chain?
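To make the "NAT overloading" point concrete, here is a small added simulation (not code from the thread or from any KVM/libvirt script) of what a POSTROUTING MASQUERADE rule does: every VM's outbound connection gets its source rewritten to the laptop's single upstream address plus a unique translated port, and a connection-tracking table maps replies back. It also shows why the static route alone is not enough once the packet leaves the laptop: the wireless router upstream has no route back to a private /24 that lives behind the laptop. All addresses, the port range and the upstream routing table are constructed for the example.

```python
"""Toy model of iptables -t nat -A POSTROUTING -o <wan-if> -j MASQUERADE
(stateful source NAT with port overloading). Constructed example, not the
kernel's actual conntrack implementation."""
import dataclasses
import ipaddress


@dataclasses.dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


# What the upstream wireless router can deliver to. It knows the laptop's
# own LAN (10.0.0.0/24, constructed) but nothing about the VM subnets
# 192.168.122.0/24 or 192.168.100.0/24 that only the laptop routes.
UPSTREAM_ROUTES = (ipaddress.ip_network("10.0.0.0/24"),)


def upstream_can_deliver(dst: str) -> bool:
    ip = ipaddress.ip_address(dst)
    return any(ip in net for net in UPSTREAM_ROUTES)


class Masquerader:
    """Source NAT keyed on the full 4-tuple, like a conntrack entry."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}  # (src, sport, dst, dport) -> translated sport
        self.inbound = {}   # (translated sport, remote ip, remote port) -> (src, sport)

    def translate_out(self, pkt: Packet) -> Packet:
        """Rewrite the VM's private source to the WAN address + unique port."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return dataclasses.replace(pkt, src=self.public_ip, sport=self.outbound[key])

    def translate_in(self, pkt: Packet):
        """Map a reply addressed to (public_ip, translated port) back to the VM."""
        entry = self.inbound.get((pkt.dport, pkt.src, pkt.sport))
        if entry is None:
            return None  # no conntrack entry: unsolicited inbound is dropped
        src, sport = entry
        return dataclasses.replace(pkt, dst=src, dport=sport)


def round_trip(vm_pkt: Packet, nat: Masquerader = None):
    """Send vm_pkt to an internet host; return the reply as the VM sees it,
    or None if the reply cannot find its way back."""
    out = nat.translate_out(vm_pkt) if nat else vm_pkt
    # The remote server simply answers whatever source address it saw.
    reply = Packet(src=out.dst, sport=out.dport, dst=out.src, dport=out.sport)
    if not upstream_can_deliver(reply.dst):
        return None  # wireless router has no route to the VM's private /24
    return nat.translate_in(reply) if nat else reply


if __name__ == "__main__":
    nat = Masquerader("10.0.0.5")  # laptop's address on the wireless LAN (constructed)
    vm_a = Packet("192.168.122.10", 40000, "198.51.100.7", 443)  # TEST-NET-2 server
    vm_b = Packet("192.168.100.10", 40000, "198.51.100.7", 443)
    print("no NAT, static route only:", round_trip(vm_a))
    print("with MASQUERADE, VM A:", round_trip(vm_a, nat))
    print("with MASQUERADE, VM B (same source port):", round_trip(vm_b, nat))
    print("translated ports:", nat.translate_out(vm_a).sport, nat.translate_out(vm_b).sport)
```

Both VMs can use the same source port because the router keys its table on the whole 4-tuple and hands out distinct translated ports; that port overloading is what lets many private hosts share one address. Relevant to the question as asked: iptables -F without -t flushes only the filter table, so rules that libvirt or a KVM helper placed in the nat table survive it and still appear under iptables -t nat -L POSTROUTING.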
Thanks for the reply, I knew it was something stupid!
When looking at iptables -L (INPUT/OUTPUT/FORWARD) there were no rules, but even after I did an iptables -F the rules were still in the NAT table!