Masquerading with iptables
Hi Guys
I'm studying for an upcoming exam and just can't get my head around masquerading with iptables.
Picture this scenario: I have a laptop connected to the internet via a wireless router. On the laptop I have a couple of KVM virtual machines, each on a separate private /24 subnet. If I enable IP forwarding in sysctl and add a static routing entry, both VMs can access the internet just fine. There are no iptables rules in place.
So why would I want to use the masquerading option? Even if I did set the iptables default policy to DROP on the forward chain, I can just add a rule to accept traffic over the interfaces.
I'm obviously missing something really stupid here but just can't get my head around it.
Is masquerading just a way of doing routing with iptables rules instead of creating a static route? Everything I've read makes it look like I have the results of masquerading already, yet my iptables config is blank!
Thanks
Last edited by Chris E; 12-28-2012 at 11:04 AM.